author | Martin Schlemmer <azarah@gentoo.org> | 2005-02-09 17:39:13 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2005-02-09 17:39:13 +0000 |
commit | 37077f96b1f1364177faf8477798ba2c0bf71c06 (patch) | |
tree | c460f63589a35a0dba23df1772e382e45e216e1b /sys-libs/pam | |
parent | ~amd64 (diff) | |
download | historical-37077f96b1f1364177faf8477798ba2c0bf71c06.tar.gz historical-37077f96b1f1364177faf8477798ba2c0bf71c06.tar.bz2 historical-37077f96b1f1364177faf8477798ba2c0bf71c06.zip |
Add README.pam_console, bug #73677. Fix Selinux patch applying, bug #80948.
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'sys-libs/pam')
-rw-r--r-- | sys-libs/pam/Manifest | 23 | ||||
-rw-r--r-- | sys-libs/pam/files/README.pam_console | 58 | ||||
-rw-r--r-- | sys-libs/pam/files/digest-pam-0.77-r8 | 3 | ||||
-rw-r--r-- | sys-libs/pam/pam-0.77-r8.ebuild | 310 |
4 files changed, 384 insertions, 10 deletions
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 06fbcecb2b6c..cf0139c6e2ae 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,21 +1,24 @@ -MD5 5462f6b2e49ddb6a0e9083bf75aba000 ChangeLog 9373 -MD5 737b1d219c8d599538c7d61dc396b94d pam-0.77-r1.ebuild 7480 MD5 98613a823c89c1040860b92880332f9d pam-0.77-r3.ebuild 7813 -MD5 cb547fcc1f1893c82cbf6edcd41a2258 pam-0.77-r2.ebuild 7764 +MD5 737b1d219c8d599538c7d61dc396b94d pam-0.77-r1.ebuild 7480 +MD5 5462f6b2e49ddb6a0e9083bf75aba000 ChangeLog 9373 +MD5 ac45aab13da90aae9947ed2a112ad9a4 pam-0.77.ebuild 7429 MD5 4f5534ef7373dae1e7e4174e1b015542 pam-0.77-r4.ebuild 7814 +MD5 ea250586717aadc59bd7058d24741bf0 pam-0.77-r7.ebuild 8051 MD5 5236b3cdb8926f86382225b63b23d391 pam-0.77-r6.ebuild 7844 -MD5 ac45aab13da90aae9947ed2a112ad9a4 pam-0.77.ebuild 7429 MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156 -MD5 ea250586717aadc59bd7058d24741bf0 pam-0.77-r7.ebuild 8051 -MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77-r1 201 -MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r2 201 -MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r3 201 +MD5 e0629d9c2cc1a9264689be2c9103e1ca pam-0.77-r8.ebuild 8134 +MD5 cb547fcc1f1893c82cbf6edcd41a2258 pam-0.77-r2.ebuild 7764 MD5 d3bdcb58b9fe268620b2c37b9b07d756 files/pam_env.conf 3062 +MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r3 201 +MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77-r1 201 MD5 c0fd7f7bf69f4f0effdfc66eed6d6ed2 files/digest-pam-0.77-r4 201 -MD5 b38aa656e6c205427dd4c4ba7d6d3f97 files/digest-pam-0.77-r6 201 -MD5 41e8f5fddbc8e00ebfdc3aeadbf7c50e files/digest-pam-0.77-r7 201 MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77 201 +MD5 41e8f5fddbc8e00ebfdc3aeadbf7c50e files/digest-pam-0.77-r7 201 +MD5 693d0527279f95e01ad9a5ba6ef45389 files/digest-pam-0.77-r8 201 +MD5 b38aa656e6c205427dd4c4ba7d6d3f97 files/digest-pam-0.77-r6 201 +MD5 0044f2b0098d7a94664bd8ae7776029d files/README.pam_console 2102 MD5 69f8cfad7f241eb669085eaa753cd9dd files/pam-0.77-console-reset.patch 1826 +MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r2 201 MD5 
849aa086002eda305d4d6d59a94fadd8 files/pam.d/rexec 457 MD5 ec3d6de902670c90897507f4a098f668 files/pam.d/rlogin 580 MD5 7b9d8d0930734500608538c166d0179a files/pam.d/rsh 445
diff --git a/sys-libs/pam/files/README.pam_console b/sys-libs/pam/files/README.pam_console
new file mode 100644
index 000000000000..27442c8997de
--- /dev/null
+++ b/sys-libs/pam/files/README.pam_console
@@ -0,0 +1,58 @@
+Introduction
+============
+
+pam_console is a module for PAM (Pluggable Authentication Modules) designed to
+give users that log locally in a system ("owning the console" in technical
+terms) privileges that they would not otherwise have, and to take those
+privileges away when they are no longer logged in.
+
+When a user logs in at the console and no other user is currently logged in,
+pam_console will change permissions and ownership of some of the device files,
+to allow, for instance, access to the audio devices, or to the cdrom drives.
+Those permissions are read from a configuration file
+(/etc/security/console.perms).
+
+To know more about pam_console, run 'man pam_console' and 'man console.perms'.
+
+
+Gentoo and pam_console
+======================
+
+In a Gentoo system pam_console is disabled by default, and users are allowed
+to access specific devices if they are member of particular groups (e.g. they
+have to be members of the audio group to access audio devices).
+
+However, Gentoo gives you the possibility to enable pam_console, you just have
+to follow these advices:
+
+1) In /etc/pam.d/system-auth, add the following line:
+
+ session optional /lib/security/pam_console.so
+
+ Thus, pam_console will apply permissions from /etc/security/console.perms
+ when you log in.
+
+2) If you're using devfs, add the following lines in /etc/devfsd.conf:
+
+ REGISTER .* CFUNCTION /lib/security/pam_console_apply_devfsd.so\
+ pam_console_apply_single $devpath
+
+ In this way, permissions from /etc/security/console.perms will be applied
+ also to those devices that are created dynamically.
+
+3) If you're using udev, create a file in /etc/dev.d/default/ ending with
+ '.dev', for instance /etc/dev.d/default/pam_console.dev, containing the
+ following lines:
+
+ #!/bin/sh
+ exec /sbin/pam_console_apply
+
+ and make it executable:
+
+ chmod +x /etc/dev.d/default/pam_console.dev
+
+ In this way, pam_console will reevaluate permissions from
+ /etc/security/console.perms each time a device is dynamically created.
+
+4) Tweak /etc/security/console.perms to your own needs.
+
diff --git a/sys-libs/pam/files/digest-pam-0.77-r8 b/sys-libs/pam/files/digest-pam-0.77-r8
new file mode 100644
index 000000000000..222ac5b0c5c9
--- /dev/null
+++ b/sys-libs/pam/files/digest-pam-0.77-r8
@@ -0,0 +1,3 @@
+MD5 be5a470e553ba71c20e9bbc7665f3754 Linux-PAM-0.77.tar.gz 442569
+MD5 5e9a2cb5730dfe5ded7fd20b49af2f07 pam-0.77-patches-1.9.tar.bz2 115014
+MD5 df71961002b552c0e72c6e4e358f27e1 db-4.1.25.tar.gz 3080234
diff --git a/sys-libs/pam/pam-0.77-r8.ebuild b/sys-libs/pam/pam-0.77-r8.ebuild
new file mode 100644
index 000000000000..e4afe31e629e
--- /dev/null
+++ b/sys-libs/pam/pam-0.77-r8.ebuild
@@ -0,0 +1,310 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-0.77-r8.ebuild,v 1.1 2005/02/09 17:39:13 azarah Exp $
+
+PATCH_LEVEL="1.9"
+BDB_VER="4.1.25"
+PAM_REDHAT_VER="0.77-4"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r8
+ selinux? ( sys-libs/libselinux )
+ berkdb? ( >=sys-libs/db-${BDB_VER} )"
+
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ =dev-libs/glib-1.2*
+ >=sys-devel/autoconf-2.59
+ >=sys-devel/automake-1.6
+ >=sys-devel/flex-2.5.4a-r5
+ pwdb? ( >=sys-libs/pwdb-0.62 )"
+
+# Have python sandbox issues currently ...
+# doc? ( app-text/sgmltools-lite )
+
+# BDB is internalized to get a non-threaded lib for pam_userdb.so to
+# be built with. The runtime-only dependency on BDB suggests the user
+# will use the system-installed db_load to create pam_userdb databases.
+# PWDB is internalized because it is specifically designed to work
+# with Linux-PAM. I'm not really certain how pervasive the Radius
+# and NIS services of PWDB are at this point.
+#
+# With all the arch's we support, I rather use external pwdb, and then
+# link statically to it - <azarah@gentoo.org> (09 Nov 2003).
+
+#inherit needs to be after DEPEND definition to protect RDEPEND
+inherit gcc eutils flag-o-matic gnuconfig
+
+# Note that we link to static versions of glib (pam_console.so)
+# and pwdb (pam_pwdb.so) ...
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Pluggable Authentication Modules"
+
+S="${WORKDIR}/Linux-PAM-${PV}"
+S2="${WORKDIR}/pam-${PV}-patches"
+SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz
+ mirror://gentoo/${P}-patches-${PATCH_LEVEL}.tar.bz2
+ berkdb? ( http://www.sleepycat.com/update/snapshot/db-${BDB_VER}.tar.gz )"
+
+LICENSE="PAM"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="berkdb pwdb selinux"
+
+apply_pam_patches() {
+ local x=
+ local y=
+ local patches="${T}/patches.$$"
+
+ for x in redhat gentoo
+ do
+ rm -f "${patches}"
+
+ # Need to be a '| while read x', as some lines may have spaces ...
+ cat "${S2}/list.${x}-patches" | grep -v '^#' | grep -v '^$' | while read y
+ do
+ # Remove the 'Patch[0-9]*: ' from the redhat list
+ echo "${y}" | sed -e 's|^Patch.*: \(.*\)|\1|' >> "${patches}"
+ done
+ for y in $(cat "${patches}")
+ do
+ epatch "${S2}/${x}-patches/${y}"
+ done
+ done
+}
+
+pkg_setup() {
+ local x=
+
+ if use pwdb; then
+ for x in libpwdb.a libcrack.a; do
+ if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then
+ eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ fi
+ done
+ fi
+
+ return 0
+}
+
+src_unpack() {
+ unpack ${A} || die "Couldn't unpack ${A}"
+
+ cd ${S} || die
+ tar -zxf ${S2}/pam-redhat-${PAM_REDHAT_VER}.tar.gz \
+ || die "Couldn't unpack pam-redhat-${PAM_REDHAT_VER}.tar.gz"
+
+ apply_pam_patches
+
+ use selinux && epatch ${S2}/gentoo-patches/pam-selinux.patch
+
+ for readme in modules/pam_*/README ; do
+ cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+ sed -e 's|^modules/||')
+ done
+
+ cp /usr/share/automake/install-sh . || die
+ export WANT_AUTOCONF=2.5
+ autoconf || die
+}
+
+src_compile() {
+ export CFLAGS="${CFLAGS} -fPIC"
+
+ if use berkdb
+ then
+ einfo "Building Berkley DB ${BDB_VER}..."
+ cd ${WORKDIR}
+ cd db-${BDB_VER}/dist || die
+
+ # Pam uses berkdb, which db-4.1.x series can't detect mips64, so we fix it
+ if use mips; then
+ einfo "Updating berkdb config.{guess,sub} for mips"
+ local OLDS="${S}"
+ S="${WORKDIR}/db-${BDB_VER}/dist"
+ gnuconfig_update
+ S="${OLDS}"
+ fi
+
+ echo db_cv_mutex=UNIX/fcntl > config.cache
+ ./s_config
+ ./configure \
+ --cache-file=config.cache \
+ --disable-compat185 \
+ --disable-cxx \
+ --disable-diagnostic \
+ --disable-dump185 \
+ --disable-java \
+ --disable-rpc \
+ --disable-tcl \
+ --disable-shared \
+ --with-pic \
+ --with-uniquename=_pam \
+ --prefix=${S} \
+ --includedir=${S}/include \
+ --libdir=${S}/lib || die "Bad BDB ./configure"
+
+ # XXX hack out O_DIRECT support in db4 for now.
+ perl -pi -e 's/#define HAVE_O_DIRECT 1/#undef HAVE_O_DIRECT/' \
+ db_config.h
+
+ make || die "BDB build failed"
+ make install || die
+
+ export CPPFLAGS="-I${S}/include"
+ export LDFLAGS="-L${S}/lib"
+ export LIBNAME="lib"
+ fi
+
+ if [ "${ARCH}" = "alpha" ]
+ then
+ if [ ! -z "$(strings -a /usr/lib/libglib.a | grep -i 'Compaq Computer Corp.')" ]
+ then
+ # should be LDFLAGS, but this configure is screwy.
+ echo
+ einfo "It looks like you compiled glib with ccc, this is okay, but"
+ einfo "I'll need to force gcc to link with libots...."
+ echo
+ append-flags -lots
+ sed -i -e 's/$(CC) -o/$(CC) -lots -o/g' ${S}/modules/pam_pwdb/Makefile
+ fi
+ fi
+
+ einfo "Building Linux-PAM ${PV}..."
+ cd ${S}
+ ./configure \
+ --libdir=/$(get_libdir) \
+ --enable-static-libpam \
+ --enable-fakeroot=${D} \
+ --enable-isadir=/$(get_libdir)/security \
+ --host=${CHOST} || die
+
+ # Python stuff in docs gives sandbox problems
+ sed -i -e 's|modules doc examples|modules|' Makefile
+
+ # Fix warnings for gcc-2.95.3
+ if [ "$(gcc-version)" = "2.95" ]
+ then
+ sed -i -e "s:-Wpointer-arith::" Make.Rules
+ fi
+
+ if ! use berkdb
+ then
+ # Do not build pam_userdb.so ...
+ sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+ -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+ -e "s:^HAVE_LIBDB=yes:HAVE_LIBDB=no:" \
+ Make.Rules
+
+ # Also edit the configuration file else the wrong include files
+ # get used
+ sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \
+ -e "s:^#define HAVE_DB_H.*$:/* #undef HAVE_DB_H */:" \
+ _pam_aconf.h
+
+ else
+ # Do not link pam_userdb.so to db-1.85 ...
+ sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+ -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+ Make.Rules
+
+ # Also edit the configuration file else the wrong include files
+ # get used
+ sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" _pam_aconf.h
+ fi
+
+ make || die "PAM build failed"
+}
+
+src_install() {
+ local x=
+
+ einfo "Installing Linux-PAM ${PV}..."
+ make FAKEROOT=${D} \
+ LDCONFIG="" \
+ install || die
+
+ # Make sure every module built.
+ # Do not remove this, as some module can fail to build
+ # and effectively lock the user out of his system.
+ einfo "Checking if all modules were built..."
+ for x in ${S}/modules/pam_*
+ do
+ if [ -d ${x} ]
+ then
+ # Its OK if the module failed when we didnt ask for it anyway
+ if ! ls -1 ${D}/$(get_libdir)/security/$(basename ${x})*.so &> /dev/null
+ then
+ if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+ then
+ continue
+ fi
+ if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+ then
+ continue
+ fi
+ if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+ then
+ continue
+ fi
+ eerror "ERROR: $(basename ${x}) module did not build."
+ exit 1
+ else
+ # Remove the ones we didnt want if it ended up building ok anyways
+ if ! use berkdb && [ "$(basename ${x})" = "pam_userdb" ]
+ then
+ rm -f ${D}/$(get_libdir)/security/pam_userdb*
+ fi
+ if ! use pwdb && [ "$(basename ${x})" = "pam_pwdb" ]
+ then
+ rm -f ${D}/$(get_libdir)/security/pam_pwdb*
+ fi
+ if ! use pwdb && [ "$(basename ${x})" = "pam_radius" ]
+ then
+ rm -f ${D}/$(get_libdir)/security/pam_radius*
+ fi
+ fi
+ fi
+ done
+
+ dodir /usr/$(get_libdir)
+ cd ${D}/$(get_libdir)
+ for x in pam pamc pam_misc
+ do
+ rm lib${x}.so
+ ln -s lib${x}.so.${PV} lib${x}.so
+ ln -s lib${x}.so.${PV} lib${x}.so.0
+ mv lib${x}.a ${D}/usr/$(get_libdir)
+ # See bug #4411
+ gen_usr_ldscript lib${x}.so
+ done
+
+ cd ${S}
+ doman doc/man/*.[0-9]
+
+ dodoc CHANGELOG Copyright README
+ docinto modules ; dodoc modules/README ; dodoc doc/txts/README.*
+ # Install our own README.pam_console
+ docinto ; dodoc ${FILESDIR}/README.pam_console
+ docinto txt ; dodoc doc/specs/*.txt #doc/txts/*.txt
+# docinto print ; dodoc doc/ps/*.ps
+
+# docinto html
+# dohtml -r doc/html/
+
+ # need this for pam_console
+ keepdir /var/run/console
+
+ insinto /etc/pam.d
+ for x in ${FILESDIR}/pam.d/*
+ do
+ if [ -f ${x} ]
+ then
+ doins ${x}
+ fi
+ done
+
+ insinto /etc/security
+ doins ${FILESDIR}/pam_env.conf
+} |
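Review bot: In `apply_pam_patches`, a missing or unreadable `${S2}/list.${x}-patches` goes undetected, because the `cat | grep | grep | while read` pipeline has no status check. After the `rm -f`, `${patches}` is then never created, `for y in $(cat "${patches}")` iterates zero times, and the build would continue with an unpatched PAM. For an authentication library whose distribution fixes arrive as patches, this step should fail closed with `die`. The `for y in $(cat ...)` loop also word-splits on spaces, which defeats the comment above it about list lines that may contain spaces. I would filter the list with a single checked `sed` call and feed `epatch` from `while read -r y ... done < "${patches}"`, which keeps `epatch` in the main shell.

```shell
apply_pam_patches() {
	# … unchanged: local declarations …
	for x in redhat gentoo
	do
		[ -f "${S2}/list.${x}-patches" ] \
			|| die "Missing patch list: list.${x}-patches"

		# Drop comments and blank lines, strip the 'Patch[0-9]*: ' prefix
		sed -e '/^#/d' -e '/^$/d' -e 's|^Patch.*: \(.*\)|\1|' \
			"${S2}/list.${x}-patches" > "${patches}" \
			|| die "Could not read list.${x}-patches"

		while read -r y
		do
			epatch "${S2}/${x}-patches/${y}"
		done < "${patches}"
	done
}
```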