From 7ed998436c39ff922f285fd73d87f0336973218f Mon Sep 17 00:00:00 2001 From: David-John Willis Date: Wed, 18 Nov 2009 14:01:30 +0000 Subject: libpam-base-files: Start to add default config files for libpam * This will start to get Linux-PAM into a usable state. Default config files derived from Debian with tweaks. Some are not needed and will be dropped later and some should really be packaged elsewhere. * Also update libpam_1.0.2 to depend on this package and the meta package with auth systems as it is not a lot of use without them (it works but can't do anything). * Add 1.1.0 and tweaks to 1.0.2. * Update all the pam.d base config files to support the suggested upstream layout not patches legacy layouts used but some Linux distros. * Use the proper include layouts * Still package some 'suggested' files for common services that do not pack there own pam.d files (TODO: move these to the package recipies not this one). --- recipes/pam/libpam-1.1.0/pam-nodocs.patch | 35 +++++++++++ recipes/pam/libpam-base-files.bb | 18 ++++++ recipes/pam/libpam-base-files/pam.d/atd | 10 ++++ recipes/pam/libpam-base-files/pam.d/common-account | 25 ++++++++ recipes/pam/libpam-base-files/pam.d/common-auth | 18 ++++++ .../pam/libpam-base-files/pam.d/common-password | 27 +++++++++ recipes/pam/libpam-base-files/pam.d/common-session | 20 +++++++ .../pam.d/common-session-noninteractive | 19 ++++++ recipes/pam/libpam-base-files/pam.d/cron | 11 ++++ recipes/pam/libpam-base-files/pam.d/cups | 3 + recipes/pam/libpam-base-files/pam.d/cvs | 12 ++++ recipes/pam/libpam-base-files/pam.d/libcupsys2 | 3 + recipes/pam/libpam-base-files/pam.d/other | 27 +++++++++ recipes/pam/libpam-base-files/pam.d/polkit | 6 ++ recipes/pam/libpam-base-files/pam.d/polkit-1 | 6 ++ recipes/pam/libpam-base-files/pam.d/ppp | 8 +++ recipes/pam/libpam-base-files/pam.d/sesman | 6 ++ recipes/pam/libpam-base-files/pam.d/sshd | 33 ++++++++++ recipes/pam/libpam_1.0.2.bb | 6 +- recipes/pam/libpam_1.1.0.bb | 70 ++++++++++++++++++++++ 20 files changed, 361 insertions(+), 2 deletions(-) create mode 100644 recipes/pam/libpam-1.1.0/pam-nodocs.patch create mode 100644 recipes/pam/libpam-base-files.bb create mode 100644 recipes/pam/libpam-base-files/pam.d/atd create mode 100644 recipes/pam/libpam-base-files/pam.d/common-account create mode 100644 recipes/pam/libpam-base-files/pam.d/common-auth create mode 100644 recipes/pam/libpam-base-files/pam.d/common-password create mode 100644 recipes/pam/libpam-base-files/pam.d/common-session create mode 100644 recipes/pam/libpam-base-files/pam.d/common-session-noninteractive create mode 100644 recipes/pam/libpam-base-files/pam.d/cron create mode 100644 recipes/pam/libpam-base-files/pam.d/cups create mode 100644 recipes/pam/libpam-base-files/pam.d/cvs create mode 100644 recipes/pam/libpam-base-files/pam.d/libcupsys2 create mode 100644 recipes/pam/libpam-base-files/pam.d/other create mode 100644 recipes/pam/libpam-base-files/pam.d/polkit create mode 100644 recipes/pam/libpam-base-files/pam.d/polkit-1 create mode 100644 recipes/pam/libpam-base-files/pam.d/ppp create mode 100644 recipes/pam/libpam-base-files/pam.d/sesman create mode 100644 recipes/pam/libpam-base-files/pam.d/sshd create mode 100644 recipes/pam/libpam_1.1.0.bb (limited to 'recipes/pam') diff --git a/recipes/pam/libpam-1.1.0/pam-nodocs.patch b/recipes/pam/libpam-1.1.0/pam-nodocs.patch new file mode 100644 index 0000000000..895f0e182a --- /dev/null +++ b/recipes/pam/libpam-1.1.0/pam-nodocs.patch @@ -0,0 +1,35 @@ +--- /tmp/Makefile.am 2008-09-05 15:16:21.000000000 +0200 ++++ Linux-PAM-1.0.2/Makefile.am 2008-09-05 15:16:56.153198000 +0200 +@@ -5,9 +5,9 @@ + AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news + + if STATIC_MODULES +-SUBDIRS = modules libpam libpamc libpam_misc tests po conf doc examples xtests ++SUBDIRS = modules libpam libpamc libpam_misc tests po conf examples xtests + else +-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests ++SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests + endif + + CLEANFILES = *~ +@@ -28,19 +28,7 @@ + + ACLOCAL_AMFLAGS = -I m4 + +-release: dist releasedocs +- +-release-docs: releasedocs +- +-releasedocs: +- rm -rf Linux-PAM-$(VERSION) +- mkdir -p Linux-PAM-$(VERSION)/doc +- make -C doc releasedocs +- tar zfc Linux-PAM-$(VERSION)-docs.tar.gz \ +- Linux-PAM-$(VERSION)/doc +- tar jfc Linux-PAM-$(VERSION)-docs.tar.bz2 \ +- Linux-PAM-$(VERSION)/doc +- rm -rf Linux-PAM-$(VERSION) ++release: dist + + xtests: + make -C xtests xtests diff --git a/recipes/pam/libpam-base-files.bb b/recipes/pam/libpam-base-files.bb new file mode 100644 index 0000000000..0fa11d8051 --- /dev/null +++ b/recipes/pam/libpam-base-files.bb @@ -0,0 +1,18 @@ +DESCRIPTION = "Linux-PAM authentication library for Linux. Base configuration files" + +SECTION = "libs" +PRIORITY = "optional" +LICENSE = "GPLv2" +DEPENDS = "" +RDEPENDS = "libpam" + +PR = "r1" + +SRC_URI = " \ + file://pam.d/* \ +" + +do_install() { + install -d ${D}${sysconfdir}/pam.d/ + install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ +} diff --git a/recipes/pam/libpam-base-files/pam.d/atd b/recipes/pam/libpam-base-files/pam.d/atd new file mode 100644 index 0000000000..17ffb134d3 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/atd @@ -0,0 +1,10 @@ +# +# The PAM configuration file for the at daemon +# + +auth required pam_env.so +auth include common-auth +account include common-account +password include common-password +session required pam_limits.so +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/common-account b/recipes/pam/libpam-base-files/pam.d/common-account new file mode 100644 index 0000000000..316b17337b --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/common-account @@ -0,0 +1,25 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +# end of pam-auth-update config diff --git a/recipes/pam/libpam-base-files/pam.d/common-auth b/recipes/pam/libpam-base-files/pam.d/common-auth new file mode 100644 index 0000000000..460b69f198 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/common-auth @@ -0,0 +1,18 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. + +# here are the per-package modules (the "Primary" block) +auth [success=1 default=ignore] pam_unix.so nullok_secure +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) diff --git a/recipes/pam/libpam-base-files/pam.d/common-password b/recipes/pam/libpam-base-files/pam.d/common-password new file mode 100644 index 0000000000..bc98f199b9 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/common-password @@ -0,0 +1,27 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# here are the per-package modules (the "Primary" block) +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +password optional pam_gnome_keyring.so diff --git a/recipes/pam/libpam-base-files/pam.d/common-session b/recipes/pam/libpam-base-files/pam.d/common-session new file mode 100644 index 0000000000..2123967d15 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/common-session @@ -0,0 +1,20 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so +session optional pam_ck_connector.so nox11 diff --git a/recipes/pam/libpam-base-files/pam.d/common-session-noninteractive b/recipes/pam/libpam-base-files/pam.d/common-session-noninteractive new file mode 100644 index 0000000000..b110bb2b49 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/common-session-noninteractive @@ -0,0 +1,19 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# + +# here are the per-package modules (the "Primary" block) +session [default=1] pam_permit.so +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# and here are more per-package modules (the "Additional" block) +session required pam_unix.so diff --git a/recipes/pam/libpam-base-files/pam.d/cron b/recipes/pam/libpam-base-files/pam.d/cron new file mode 100644 index 0000000000..743c0ed31f --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/cron @@ -0,0 +1,11 @@ +# +# The PAM configuration file for the cron daemon +# + +auth include common-auth +session required pam_env.so +account include common-account +session include common-session-noninteractive +# Sets up user limits, please define limits for cron tasks +# through /etc/security/limits.conf +session required pam_limits.so diff --git a/recipes/pam/libpam-base-files/pam.d/cups b/recipes/pam/libpam-base-files/pam.d/cups new file mode 100644 index 0000000000..8e7f973a2c --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/cups @@ -0,0 +1,3 @@ +auth include common-auth +account include common-account +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/cvs b/recipes/pam/libpam-base-files/pam.d/cvs new file mode 100644 index 0000000000..9627c4f7bf --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/cvs @@ -0,0 +1,12 @@ +# +# /etc/pam.d/cvs - specify the PAM behaviour of CVS +# + +# We fall back to the system default in /etc/pam.d/common-* + +auth include common-auth +account include common-account + +# We don't use password or session modules at all +# password include common-password +# session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/libcupsys2 b/recipes/pam/libpam-base-files/pam.d/libcupsys2 new file mode 100644 index 0000000000..8e7f973a2c --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/libcupsys2 @@ -0,0 +1,3 @@ +auth include common-auth +account include common-account +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/other b/recipes/pam/libpam-base-files/pam.d/other new file mode 100644 index 0000000000..6e40cd0c02 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/other @@ -0,0 +1,27 @@ +# +# /etc/pam.d/other - specify the PAM fallback behaviour +# +# Note that this file is used for any unspecified service; for example +#if /etc/pam.d/cron specifies no session modules but cron calls +#pam_open_session, the session module out of /etc/pam.d/other is +#used. + +#If you really want nothing to happen then use pam_permit.so or +#pam_deny.so as appropriate. + +# We use pam_warn.so to generate syslog notes that the 'other' +#fallback rules are being used (as a hint to suggest you should setup +#specific PAM rules for the service and aid to debugging). We then +#fall back to the system default in /etc/pam.d/common-* + +auth required pam_warn.so +auth include common-auth + +account required pam_warn.so +account include common-account + +password required pam_warn.so +password include common-password + +session required pam_warn.so +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/polkit b/recipes/pam/libpam-base-files/pam.d/polkit new file mode 100644 index 0000000000..836b53d61a --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/polkit @@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/polkit-1 b/recipes/pam/libpam-base-files/pam.d/polkit-1 new file mode 100644 index 0000000000..836b53d61a --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/polkit-1 @@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/ppp b/recipes/pam/libpam-base-files/pam.d/ppp new file mode 100644 index 0000000000..aed08fd1b2 --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/ppp @@ -0,0 +1,8 @@ +#%PAM-1.0 +# Information for the PPPD process with the 'login' option. + +auth required pam_nologin.so +auth include common-auth +account include common-account +session include common-session + diff --git a/recipes/pam/libpam-base-files/pam.d/sesman b/recipes/pam/libpam-base-files/pam.d/sesman new file mode 100644 index 0000000000..836b53d61a --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/sesman @@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/recipes/pam/libpam-base-files/pam.d/sshd b/recipes/pam/libpam-base-files/pam.d/sshd new file mode 100644 index 0000000000..c0028ff3cb --- /dev/null +++ b/recipes/pam/libpam-base-files/pam.d/sshd @@ -0,0 +1,33 @@ +# PAM configuration for the Secure Shell service + +# Read environment variables from /etc/environment and +# /etc/security/pam_env.conf. +auth required pam_env.so # [1] + +# Standard Un*x authentication. +auth include common-auth + +# Disallow non-root logins when /etc/nologin exists. +account required pam_nologin.so + +# Uncomment and edit /etc/security/access.conf if you need to set complex +# access limits that are hard to express in sshd_config. +# account required pam_access.so + +# Standard Un*x authorization. +account include common-accountt + +# Standard Un*x session setup and teardown. +session include common-session + +# Print the message of the day upon successful login. +session optional pam_motd.so # [1] + +# Print the status of the user's mailbox upon successful login. +session optional pam_mail.so standard noenv # [1] + +# Set up user limits from /etc/security/limits.conf. +session required pam_limits.so + +# Standard Un*x password updating. +password include common-password diff --git a/recipes/pam/libpam_1.0.2.bb b/recipes/pam/libpam_1.0.2.bb index b288458e98..1ab7fa95f9 100644 --- a/recipes/pam/libpam_1.0.2.bb +++ b/recipes/pam/libpam_1.0.2.bb @@ -12,7 +12,10 @@ LICENSE = "GPLv2" DEPENDS = "flex flex-native" -PR = "r4" +# PAM is not a lot of use without configuration files and the plugins +RRECOMMENDS_${PN} = "libpam-meta libpam-base-files" + +PR = "r5" # The project is actually called Linux-PAM but that gives # a bad OE package name because of the upper case characters @@ -66,7 +69,6 @@ python populate_packages_prepend () { bb.data.setVar('PACKAGES', ' '.join(packages), d) } - do_stage() { autotools_stage_all } diff --git a/recipes/pam/libpam_1.1.0.bb b/recipes/pam/libpam_1.1.0.bb new file mode 100644 index 0000000000..32dc9e15cb --- /dev/null +++ b/recipes/pam/libpam_1.1.0.bb @@ -0,0 +1,70 @@ +DESCRIPTION = "\ +PAM authentication library for Linux. \ +Linux-PAM (Pluggable Authentication Modules for Linux) is a \ +library that enables the local system administrator to choose \ +how individual applications authenticate users. For an \ +overview of the Linux-PAM library see the Linux-PAM System \ +Administrators' Guide." +HOMEPAGE = "http://kernel.org/pub/linux/libs/pam" +SECTION = "libs" +PRIORITY = "optional" +LICENSE = "GPLv2" + +DEFAULT_PREFERENCE_libc-uclibc = "-1" + +DEPENDS = "flex flex-native" + +# PAM is not a lot of use without configuration files and the plugins +RRECOMMENDS_${PN} = "libpam-meta libpam-base-files" + +PR = "r0" + +# The project is actually called Linux-PAM but that gives +# a bad OE package name because of the upper case characters +pn = "Linux-PAM" +p = "${pn}-${PV}" +S = "${WORKDIR}/${p}" + +SRC_URI = "${KERNELORG_MIRROR}/pub/linux/libs/pam/library/${p}.tar.bz2 \ + file://pam-nodocs.patch;patch=1 " + +inherit autotools + +LEAD_SONAME = "libpam.so.*" + +# maintain the pam default layout +EXTRA_OECONF += " --includedir=${includedir}/security" + +PACKAGES_DYNAMIC += " libpam-meta pam-plugin-*" + +python populate_packages_prepend () { + import os.path + + pam_libdir = bb.data.expand('${libdir}/security', d) + pam_libdirdebug = bb.data.expand('${libdir}/security/.debug', d) + pam_filterdir = bb.data.expand('${libdir}/security/pam_filter', d) + do_split_packages(d, pam_libdir, '^pam(.*)\.so$', 'pam-plugin%s', 'PAM plugin for %s', extra_depends='') + do_split_packages(d, pam_libdir, '^pam(.*)\.la$', 'pam-plugin%s-dev', 'PAM plugin for %s dev', extra_depends='') + if os.path.exists(pam_libdirdebug): + do_split_packages(d, pam_libdirdebug, '^pam(.*)\.so$', 'pam-plugin%s-dbg', 'PAM plugin for %s debugging symbols', extra_depends='') + do_split_packages(d, pam_filterdir, '^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='') + + pn = bb.data.getVar('PN', d, 1) + metapkg = pn + '-meta' + bb.data.setVar('ALLOW_EMPTY_' + metapkg, "1", d) + bb.data.setVar('FILES_' + metapkg, "", d) + blacklist = [ pn + '-locale', pn + '-dev', pn + '-dbg', pn + '-doc' ] + metapkg_rdepends = [] + packages = bb.data.getVar('PACKAGES', d, 1).split() + for pkg in packages[1:]: + if not pkg in blacklist and not pkg in metapkg_rdepends and not pkg.endswith('-dev') and not pkg.count('locale') and pkg.count('plugin'): + metapkg_rdepends.append(pkg) + bb.data.setVar('RDEPENDS_' + metapkg, ' '.join(metapkg_rdepends), d) + bb.data.setVar('DESCRIPTION_' + metapkg, pn + ' meta package', d) + packages.append(metapkg) + bb.data.setVar('PACKAGES', ' '.join(packages), d) +} + +do_stage() { + autotools_stage_all +} -- cgit v1.2.3 From 6367d91cf4e9e2fea3b49da50384648e270e27bb Mon Sep 17 00:00:00 2001 From: Henning Heinold Date: Tue, 24 Nov 2009 22:35:14 +0100 Subject: libpam: fix building on uClibc * brink back nis disable patch * fix a cut and paste bug when nls disabled * disable modules uClibc dont support * bump PR --- .../pam/libpam-1.1.0/disable_modules_uclibc.patch | 16 ++ recipes/pam/libpam-1.1.0/fix_disabled_nls.patch | 13 ++ .../libpam-1.1.0/pam-disable-nis-on-uclibc.patch | 251 +++++++++++++++++++++ recipes/pam/libpam_1.1.0.bb | 20 +- 4 files changed, 292 insertions(+), 8 deletions(-) create mode 100644 recipes/pam/libpam-1.1.0/disable_modules_uclibc.patch create mode 100644 recipes/pam/libpam-1.1.0/fix_disabled_nls.patch create mode 100644 recipes/pam/libpam-1.1.0/pam-disable-nis-on-uclibc.patch (limited to 'recipes/pam') diff --git a/recipes/pam/libpam-1.1.0/disable_modules_uclibc.patch b/recipes/pam/libpam-1.1.0/disable_modules_uclibc.patch new file mode 100644 index 0000000000..14cc60aacd --- /dev/null +++ b/recipes/pam/libpam-1.1.0/disable_modules_uclibc.patch @@ -0,0 +1,16 @@ +Index: Linux-PAM-1.1.0/modules/Makefile.am +=================================================================== +--- Linux-PAM-1.1.0.orig/modules/Makefile.am 2008-11-28 15:29:12.000000000 +0100 ++++ Linux-PAM-1.1.0/modules/Makefile.am 2009-11-24 22:28:13.248314306 +0100 +@@ -7,9 +7,9 @@ + pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ + pam_listfile pam_localuser pam_loginuid pam_mail \ + pam_mkhomedir pam_motd pam_namespace pam_nologin \ +- pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ ++ pam_permit pam_rhosts pam_rootok pam_securetty \ + pam_selinux pam_sepermit pam_shells pam_stress \ +- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ ++ pam_succeed_if pam_tally pam_tally2 pam_time \ + pam_tty_audit pam_umask \ + pam_unix pam_userdb pam_warn pam_wheel pam_xauth + diff --git a/recipes/pam/libpam-1.1.0/fix_disabled_nls.patch b/recipes/pam/libpam-1.1.0/fix_disabled_nls.patch new file mode 100644 index 0000000000..6c51752e21 --- /dev/null +++ b/recipes/pam/libpam-1.1.0/fix_disabled_nls.patch @@ -0,0 +1,13 @@ +Index: Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c +=================================================================== +--- Linux-PAM-1.1.0.orig/modules/pam_lastlog/pam_lastlog.c 2009-11-24 21:47:00.208561627 +0100 ++++ Linux-PAM-1.1.0/modules/pam_lastlog/pam_lastlog.c 2009-11-24 21:47:27.385225592 +0100 +@@ -471,7 +471,7 @@ + failed), + failed); + #else +- if (daysleft == 1) ++ if (failed == 1) + retval = asprintf(&line, + _("There was %d failed login attempt since the last successful login."), + failed); diff --git a/recipes/pam/libpam-1.1.0/pam-disable-nis-on-uclibc.patch b/recipes/pam/libpam-1.1.0/pam-disable-nis-on-uclibc.patch new file mode 100644 index 0000000000..258166cc52 --- /dev/null +++ b/recipes/pam/libpam-1.1.0/pam-disable-nis-on-uclibc.patch @@ -0,0 +1,251 @@ +Index: Linux-PAM-1.0.2/Makefile.in +=================================================================== +--- Linux-PAM-1.0.2.orig/Makefile.in 2008-08-29 01:14:12.000000000 -0700 ++++ Linux-PAM-1.0.2/Makefile.in 2009-09-04 01:06:22.571466501 -0700 +@@ -71,8 +71,7 @@ + distclean-recursive maintainer-clean-recursive + ETAGS = etags + CTAGS = ctags +-DIST_SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc \ +- examples xtests ++DIST_SUBDIRS = libpam libpamc libpam_misc modules po conf + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + distdir = $(PACKAGE)-$(VERSION) + top_distdir = $(distdir) +@@ -244,8 +243,8 @@ + top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ + AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news +-@STATIC_MODULES_FALSE@SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests +-@STATIC_MODULES_TRUE@SUBDIRS = modules libpam libpamc libpam_misc tests po conf doc examples xtests ++@STATIC_MODULES_FALSE@SUBDIRS = libpam libpamc libpam_misc modules po conf ++@STATIC_MODULES_TRUE@SUBDIRS = modules libpam libpamc libpam_misc po conf + CLEANFILES = *~ + M4_FILES = m4/codeset.m4 m4/gettext.m4 m4/glibc21.m4 m4/glibc2.m4 \ + m4/iconv.m4 m4/intdiv0.m4 m4/intmax.m4 m4/inttypes_h.m4 \ +Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c 2007-12-07 07:40:01.000000000 -0800 ++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c 2009-09-04 01:06:22.575455835 -0700 +@@ -41,7 +41,11 @@ + #include + #include + #include ++ ++#ifdef NIS + #include ++#endif ++ + #include + #include + #include +@@ -479,8 +483,9 @@ + char *mydomain = NULL; + int retval; + ++#ifdef NIS + yp_get_default_domain(&mydomain); +- ++#endif + + retval = innetgr (netgroup, machine, user, mydomain); + if (debug == YES) +Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am 2008-02-29 07:22:03.000000000 -0800 ++++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am 2009-09-04 01:09:46.519457167 -0700 +@@ -32,7 +32,7 @@ + + securelib_LTLIBRARIES = pam_unix.la + +-noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h ++noinst_HEADERS = md5.h support.h bigcrypt.h passverify.h + + sbin_PROGRAMS = unix_chkpwd unix_update + +@@ -40,7 +40,7 @@ + + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c ++ passverify.c md5_good.c md5_broken.c + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.in +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.in 2008-08-29 01:14:10.000000000 -0700 ++++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.in 2009-09-04 01:13:42.939510044 -0700 +@@ -74,7 +74,7 @@ + pam_unix_la_DEPENDENCIES = + am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ + pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ +- yppasswd_xdr.lo md5_good.lo md5_broken.lo ++ md5_good.lo md5_broken.lo + pam_unix_la_OBJECTS = $(am_pam_unix_la_OBJECTS) + pam_unix_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +@@ -310,10 +310,10 @@ + @LIBCRYPT@ @LIBSELINUX@ + + securelib_LTLIBRARIES = pam_unix.la +-noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h ++noinst_HEADERS = md5.h support.h bigcrypt.h passverify.h + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c ++ passverify.c md5_good.c md5_broken.c + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +@@ -465,7 +465,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-md5_good.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-passverify.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-unix_update.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yppasswd_xdr.Plo@am__quote@ + + .c.o: + @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c 2008-02-29 07:22:03.000000000 -0800 ++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c 2009-09-04 01:06:22.579455994 -0700 +@@ -55,8 +55,11 @@ + #include + #include + #include ++ ++#ifdef NIS + #include + #include ++#endif + + #include + #include +@@ -77,7 +80,10 @@ + #include + #include + ++#ifdef NIS + #include "yppasswd.h" ++#endif ++ + #include "md5.h" + #include "support.h" + #include "passverify.h" +@@ -105,6 +111,7 @@ + + static char *getNISserver(pam_handle_t *pamh) + { ++#ifdef NIS + char *master; + char *domainname; + int port, err; +@@ -131,6 +138,9 @@ + return NULL; + } + return master; ++#else ++ return NULL; ++#endif + } + + #ifdef WITH_SELINUX +@@ -301,6 +311,7 @@ + + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { + if ((master=getNISserver(pamh)) != NULL) { ++#ifdef NIS + struct timeval timeout; + struct yppasswd yppwd; + CLIENT *clnt; +@@ -362,6 +373,7 @@ + #ifdef DEBUG + sleep(5); + #endif ++#endif + } else { + retval = PAM_TRY_AGAIN; + } +Index: Linux-PAM-1.0.2/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c 2008-01-23 07:35:13.000000000 -0800 ++++ Linux-PAM-1.0.2/modules/pam_unix/support.c 2009-09-04 01:06:22.579455994 -0700 +@@ -19,7 +19,10 @@ + #include + #include + #include ++ ++#ifdef NIS + #include ++#endif + + #include + #include +@@ -266,6 +269,7 @@ + if (!matched && nis) { + char *userinfo = NULL, *domain = NULL; + int len = 0, i; ++#ifdef NIS + len = yp_get_default_domain(&domain); + if (len == YPERR_SUCCESS) { + len = yp_bind(domain); +@@ -280,6 +284,7 @@ + matched = 1; + } + } ++#endif + } + + if (matched && (ret != NULL)) { +Index: Linux-PAM-1.0.2/modules/pam_unix/yppasswd.h +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/yppasswd.h 2000-06-20 15:12:08.000000000 -0700 ++++ Linux-PAM-1.0.2/modules/pam_unix/yppasswd.h 2009-09-04 01:06:22.579455994 -0700 +@@ -13,6 +13,8 @@ + #ifndef _YPPASSWD_H_ + #define _YPPASSWD_H_ + ++#ifdef NIS ++ + #define YPPASSWDPROG ((u_long)100009) + #define YPPASSWDVERS ((u_long)1) + #define YPPASSWDPROC_UPDATE ((u_long)1) +@@ -48,4 +50,6 @@ + bool_t xdr_xpasswd(XDR * xdrs, xpasswd * objp); + bool_t xdr_yppasswd(XDR * xdrs, yppasswd * objp); + ++#endif ++ + #endif /* _YPPASSWD_H_ */ +Index: Linux-PAM-1.0.2/modules/pam_unix/yppasswd_xdr.c +=================================================================== +--- Linux-PAM-1.0.2.orig/modules/pam_unix/yppasswd_xdr.c 2005-07-20 02:46:19.000000000 -0700 ++++ Linux-PAM-1.0.2/modules/pam_unix/yppasswd_xdr.c 2009-09-04 01:06:22.579455994 -0700 +@@ -10,6 +10,8 @@ + * editied manually. + */ + ++#ifdef NIS ++ + #include "config.h" + + #include +@@ -36,3 +38,5 @@ + return xdr_string(xdrs, &objp->oldpass, ~0) + && xdr_xpasswd(xdrs, &objp->newpw); + } ++ ++#endif +Index: Linux-PAM-1.0.2/po/POTFILES.in +=================================================================== +--- Linux-PAM-1.0.2.orig/po/POTFILES.in 2008-02-13 06:39:41.000000000 -0800 ++++ Linux-PAM-1.0.2/po/POTFILES.in 2009-09-04 01:06:22.579455994 -0700 +@@ -85,7 +85,6 @@ + ./modules/pam_unix/passverify.c + ./modules/pam_unix/support.c + ./modules/pam_unix/unix_chkpwd.c +-./modules/pam_unix/yppasswd_xdr.c + ./modules/pam_userdb/pam_userdb.c + ./modules/pam_warn/pam_warn.c + ./modules/pam_wheel/pam_wheel.c diff --git a/recipes/pam/libpam_1.1.0.bb b/recipes/pam/libpam_1.1.0.bb index 32dc9e15cb..d974f4db4d 100644 --- a/recipes/pam/libpam_1.1.0.bb +++ b/recipes/pam/libpam_1.1.0.bb @@ -10,14 +10,12 @@ SECTION = "libs" PRIORITY = "optional" LICENSE = "GPLv2" -DEFAULT_PREFERENCE_libc-uclibc = "-1" - DEPENDS = "flex flex-native" # PAM is not a lot of use without configuration files and the plugins RRECOMMENDS_${PN} = "libpam-meta libpam-base-files" -PR = "r0" +PR = "r1" # The project is actually called Linux-PAM but that gives # a bad OE package name because of the upper case characters @@ -26,9 +24,18 @@ p = "${pn}-${PV}" S = "${WORKDIR}/${p}" SRC_URI = "${KERNELORG_MIRROR}/pub/linux/libs/pam/library/${p}.tar.bz2 \ - file://pam-nodocs.patch;patch=1 " + file://pam-nodocs.patch;patch=1 \ + file://fix_disabled_nls.patch;patch=1 \ + " + +UCLIBC_PATCHES = " file://pam-disable-nis-on-uclibc.patch;patch=1 \ + file://disable_modules_uclibc.patch;patch=1 \ + " -inherit autotools +SRC_URI_append_linux-uclibc = ${UCLIBC_PATCHES} +SRC_URI_append_linux-uclibceabi = ${UCLIBC_PATCHES} + +inherit autotools gettext LEAD_SONAME = "libpam.so.*" @@ -65,6 +72,3 @@ python populate_packages_prepend () { bb.data.setVar('PACKAGES', ' '.join(packages), d) } -do_stage() { - autotools_stage_all -} -- cgit v1.2.3 From 035b4d579ce18e89a01180e602c83e82ccf8ca47 Mon Sep 17 00:00:00 2001 From: Koen Kooi Date: Wed, 25 Nov 2009 11:48:03 +0100 Subject: libpam-base-files: polkit is provided by policykit itself --- recipes/pam/libpam-base-files.bb | 2 +- recipes/pam/libpam-base-files/pam.d/polkit | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) delete mode 100644 recipes/pam/libpam-base-files/pam.d/polkit (limited to 'recipes/pam') diff --git a/recipes/pam/libpam-base-files.bb b/recipes/pam/libpam-base-files.bb index 0fa11d8051..52d762202e 100644 --- a/recipes/pam/libpam-base-files.bb +++ b/recipes/pam/libpam-base-files.bb @@ -6,7 +6,7 @@ LICENSE = "GPLv2" DEPENDS = "" RDEPENDS = "libpam" -PR = "r1" +PR = "r2" SRC_URI = " \ file://pam.d/* \ diff --git a/recipes/pam/libpam-base-files/pam.d/polkit b/recipes/pam/libpam-base-files/pam.d/polkit deleted file mode 100644 index 836b53d61a..0000000000 --- a/recipes/pam/libpam-base-files/pam.d/polkit +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 - -auth include common-auth -account include common-account -password include common-password -session include common-session -- cgit v1.2.3