Message ID | 1458128750-14967-1-git-send-email-niranjan.reddy@rockwellcollins.com |
---|---|
State | Superseded |
Niranjan, On Wed, Mar 16, 2016 at 6:45 AM, Niranjan Reddy <niranjan.reddy@rockwellcollins.com> wrote: > From: Niranjan <niranjan.reddy@rockwellcollins.com> > > This patch creates system-auth.pamd file for pam services > and adds host-linux-pam variant for creating pam.d files. > > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> > Reviewed-by: Samuel Martin <s.martin49@gmail.com> > Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com> > > --- > Changes v10 -> v11: > - Added host-linux-pam variant as it is the dependency for creating pam_conv1 files. > - Removed semicolon at the end of if condition (after fi). > - Merged system auth patch with host selinux dependencies patch > > Changes v9 -> v10: > - Dropped host linux-pam variant,optional selinux and audit dependencies and created seperate > Patches (Suggedted by Thomas). > > Changes v8 -> v9: > - No changes > > Changes v7 -> v8: > - Removed sub-shell around the config file install block and > refactored the block to use absolute paths for the copying > (Suggested by Samuel) > - Changed the enable-db=no configure option to disable-db to be > consistent with the rest of the configure options (Suggested by > Samuel) > > Changes v6 -> v7: > - Added missing host-pkgconf dependency and removed unneeded > host-autoconf dependency(Clayton S.) > > Changes v5 -> v6: > - No changes > > Changes v4 -> v5: > - Dropping unneeded patch (Clayton S.) > > Changes v1 -> v4: > - Did not exist > --- > package/linux-pam/linux-pam.mk | 41 +++++++++++++++++++++++++++++++++++++- > package/linux-pam/system-auth.pamd | 15 ++++++++++++++ > 2 files changed, 55 insertions(+), 1 deletion(-) > create mode 100644 package/linux-pam/system-auth.pamd > > diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk > index 55a1024..ea650de 100644 > --- a/package/linux-pam/linux-pam.mk > +++ b/package/linux-pam/linux-pam.mk 
> @@ -8,15 +8,18 @@ LINUX_PAM_VERSION = 1.1.8 > LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2 > LINUX_PAM_SITE = http://linux-pam.org/library > LINUX_PAM_INSTALL_STAGING = YES > +# disable cracklib in linux pam config options > LINUX_PAM_CONF_OPTS = \ > --disable-prelude \ > --disable-isadir \ > --disable-nis \ > --disable-db \ > + --disable-cracklib \ > --disable-regenerate-docu \ > --enable-securedir=/lib/security \ > --libdir=/lib > -LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf > +# host-linux-pam is needed for creating pam conf files > +LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf host-linux-pam > LINUX_PAM_AUTORECONF = YES > LINUX_PAM_LICENSE = BSD-3c > LINUX_PAM_LICENSE_FILES = Copyright 
> @@ -46,6 +49,42 @@ define LINUX_PAM_INSTALL_CONFIG I believe there was a recent commit that created a conflict in this file for this patch. Please review the following email thread and look at the latest content on buildroot master for package/linux-pam.mk. http://permalink.gmane.org/gmane.comp.lib.uclibc.buildroot/144826 > $(TARGET_DIR)/etc/pam.d/other > endef > > +# Use the host-pam pam_conv1 app to create the pam.d files > +define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL > + if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \ > + mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \ > + fi > + cd $(TARGET_DIR)/etc/ && cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \ > + if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \ > + cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \ > + rm -rf $(TARGET_DIR)/etc/pam.d/; \ > + mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \ > + fi > + $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth > +endef > + > +LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL > LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG > > +HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf > + > +HOST_LINUX_PAM_CONF_OPTS = \ > + --disable-rpath \ > + --enable-read-both-confs \ > + --disable-regenerate-docu \ > + --disable-isadir \ > + --disable-nis \ > + --enable-securedir=/lib/security \ > + --disable-prelude \ > + --disable-cracklib \ > + --disable-lckpwdf \ > + --disable-db \ > + --disable-selinux \ > + --disable-audit \ > + > +define HOST_LINUX_PAM_INSTALL_CMDS > + $(INSTALL) -D -m 755 $(@D)/conf/pam_conv1/pam_conv1 $(HOST_DIR)/usr/bin/pam_conv1 > +endef > + > $(eval $(autotools-package)) > +$(eval $(host-autotools-package)) > diff --git a/package/linux-pam/system-auth.pamd b/package/linux-pam/system-auth.pamd > new file mode 100644 > index 0000000..2fa116a > --- /dev/null > +++ b/package/linux-pam/system-auth.pamd 
> @@ -0,0 +1,15 @@ > +#%PAM-1.0 > +auth required pam_env.so > +auth sufficient pam_unix.so > +auth required pam_deny.so > + > +account required pam_unix.so > + > +#password required pam_cracklib.so try_first_pass retry=3 > +password sufficient pam_unix.so md5 shadow try_first_pass > +password required pam_deny.so > + > +session optional pam_keyinit.so revoke > +session required pam_limits.so > +session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid > +session required pam_unix.so > -- > 2.5.0 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 55a1024..ea650de 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -8,15 +8,18 @@ LINUX_PAM_VERSION = 1.1.8
 LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
 LINUX_PAM_SITE = http://linux-pam.org/library
 LINUX_PAM_INSTALL_STAGING = YES
+# disable cracklib in linux pam config options
 LINUX_PAM_CONF_OPTS = \
 --disable-prelude \
 --disable-isadir \
 --disable-nis \
 --disable-db \
+ --disable-cracklib \
 --disable-regenerate-docu \
 --enable-securedir=/lib/security \
 --libdir=/lib
-LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf
+# host-linux-pam is needed for creating pam conf files
+LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf host-linux-pam
 LINUX_PAM_AUTORECONF = YES
 LINUX_PAM_LICENSE = BSD-3c
 LINUX_PAM_LICENSE_FILES = Copyright
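Review bot: `--disable-cracklib` is added to LINUX_PAM_CONF_OPTS unconditionally, so pam_cracklib can never be built for the target and password-quality checking is unavailable even when the configuration includes cracklib; the added comment restates the flag without giving a reason. If the aim is only to avoid an undeclared dependency, the flag can be chosen from the package selection instead, placed after the `LINUX_PAM_DEPENDENCIES =` assignment so that the `+=` is not overwritten. The symbol name below assumes the tree's cracklib package follows the usual naming.

```make
# ... unchanged: LINUX_PAM_CONF_OPTS and LINUX_PAM_DEPENDENCIES assignments ...
ifeq ($(BR2_PACKAGE_CRACKLIB),y)
LINUX_PAM_CONF_OPTS += --enable-cracklib
LINUX_PAM_DEPENDENCIES += cracklib
else
LINUX_PAM_CONF_OPTS += --disable-cracklib
endif
```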
@@ -46,6 +49,42 @@ define LINUX_PAM_INSTALL_CONFIG
 $(TARGET_DIR)/etc/pam.d/other
 endef

+# Use the host-pam pam_conv1 app to create the pam.d files
+define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
+ if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
+ mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
+ fi
+ cd $(TARGET_DIR)/etc/ && cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \
+ if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \
+ cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \
+ rm -rf $(TARGET_DIR)/etc/pam.d/; \
+ mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \
+ fi
+ $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
+endef
+
+LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
 LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG

+HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf
+
+HOST_LINUX_PAM_CONF_OPTS = \
+ --disable-rpath \
+ --enable-read-both-confs \
+ --disable-regenerate-docu \
+ --disable-isadir \
+ --disable-nis \
+ --enable-securedir=/lib/security \
+ --disable-prelude \
+ --disable-cracklib \
+ --disable-lckpwdf \
+ --disable-db \
+ --disable-selinux \
+ --disable-audit \
+
+define HOST_LINUX_PAM_INSTALL_CMDS
+ $(INSTALL) -D -m 755 $(@D)/conf/pam_conv1/pam_conv1 $(HOST_DIR)/usr/bin/pam_conv1
+endef
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))
diff --git a/package/linux-pam/system-auth.pamd b/package/linux-pam/system-auth.pamd
new file mode 100644
index 0000000..2fa116a
--- /dev/null
+++ b/package/linux-pam/system-auth.pamd
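Review bot: The exit status of pam_conv1 is discarded in LINUX_PAM_CONFIG_FILE_TARGET_INSTALL, because the generation line ends in `; \` and the restore block after it runs whether or not generation worked; inside that block `cp`, `rm -rf` and `mv` are also joined with `;`, so a failed copy is still followed by deleting the generated directory. A build can therefore finish with an incomplete /etc/pam.d and no error. Ending the generation line without the continuation, `cd $(TARGET_DIR)/etc/ && $(HOST_DIR)/usr/bin/pam_conv1 < $(@D)/conf/pam.conf`, and chaining the three restore steps with `&&` makes the build stop instead. The `cp -a` also lets generated files replace same-named files already present in pam.d, which deserves a comment saying that this precedence is intended.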
@@ -0,0 +1,15 @@
+#%PAM-1.0
+auth required pam_env.so
+auth sufficient pam_unix.so
+auth required pam_deny.so
+
+account required pam_unix.so
+
+#password required pam_cracklib.so try_first_pass retry=3
+password sufficient pam_unix.so md5 shadow try_first_pass
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
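Review bot: The line `password sufficient pam_unix.so md5 shadow try_first_pass` makes pam_unix store new passwords as MD5-crypt hashes, which give little protection if the shadow file is ever disclosed. pam_unix accepts `sha512` in place of `md5`, giving `password sufficient pam_unix.so sha512 shadow try_first_pass`, provided the target C library's crypt() supports SHA-512. With the pam_cracklib line commented out this stack also enforces no minimum password quality, which is worth stating in a comment next to the disabled line.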