author | Martin Schlemmer <azarah@gentoo.org> | 2005-02-25 20:31:28 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2005-02-25 20:31:28 +0000 |
commit | 5725e4888aca90ed48f105359aa07fa00ea755f1 (patch) | |
tree | f294cd0bc8adf2a6abbc4ad51e14b8fa2233ed3f /sys-libs/pam | |
parent | version bump (diff) | |
Add patch from bug #80566 (by Mark Loeser <halcyon@whiterapid.com>). Added
workaround from bug #80604 (by Roland Bar <roland@pinguin.tv>). Force
locales to default, bug #70471 (by Alessandro Guido <devnull@box.it>). Fix
sound perms on pam_console_reset, bug #55305. Add patch for bug #62059 (by
Jason Fritcher <jkf@wolfnet.org>). Add pam_chroot, pam_console and
pam_timestamp USE flags for these optional modules
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'sys-libs/pam')
-rw-r--r-- | sys-libs/pam/ChangeLog | 14 | ||||
-rw-r--r-- | sys-libs/pam/Manifest | 10 | ||||
-rw-r--r-- | sys-libs/pam/files/README.pam_console | 2 | ||||
-rw-r--r-- | sys-libs/pam/files/digest-pam-0.78 | 3 | ||||
-rw-r--r-- | sys-libs/pam/files/pam.d/other | 9 | ||||
-rw-r--r-- | sys-libs/pam/files/pam.d/system-auth | 14 | ||||
-rw-r--r-- | sys-libs/pam/files/pam_env.conf | 12 | ||||
-rw-r--r-- | sys-libs/pam/pam-0.78.ebuild | 343 |
8 files changed, 395 insertions, 12 deletions
diff --git a/sys-libs/pam/ChangeLog b/sys-libs/pam/ChangeLog index dba2aacc6b0c..38d7c7b199d8 100644 --- a/sys-libs/pam/ChangeLog +++ b/sys-libs/pam/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for sys-libs/pam # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.62 2005/02/04 00:22:15 azarah Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.63 2005/02/25 20:31:28 azarah Exp $ + +*pam-0.78 (25 Feb 2005) + + 25 Feb 2005; Martin Schlemmer <azarah@gentoo.org> + files/README.pam_console, +files/pam.d/other, +files/pam.d/system-auth, + +pam-0.78.ebuild: + Add patch from bug #80566 (by Mark Loeser <halcyon@whiterapid.com>). Added + workaround from bug #80604 (by Roland Bar <roland@pinguin.tv>). Force + locales to default, bug #70471 (by Alessandro Guido <devnull@box.it>). Fix + sound perms on pam_console_reset, bug #55305. Add patch for bug #62059 (by + Jason Fritcher <jkf@wolfnet.org>). Add pam_chroot, pam_console and + pam_timestamp USE flags for these optional modules *pam-0.77-r7 (04 Feb 2005) diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest index 1a5fe5d9353e..8bf1d97defd5 100644 --- a/sys-libs/pam/Manifest +++ b/sys-libs/pam/Manifest @@ -1,6 +1,6 @@ MD5 98613a823c89c1040860b92880332f9d pam-0.77-r3.ebuild 7813 MD5 737b1d219c8d599538c7d61dc396b94d pam-0.77-r1.ebuild 7480 -MD5 5462f6b2e49ddb6a0e9083bf75aba000 ChangeLog 9373 +MD5 d97609f2057921fd750bfafd1385b7f8 ChangeLog 9970 MD5 ac45aab13da90aae9947ed2a112ad9a4 pam-0.77.ebuild 7429 MD5 4f5534ef7373dae1e7e4174e1b015542 pam-0.77-r4.ebuild 7814 MD5 ea250586717aadc59bd7058d24741bf0 pam-0.77-r7.ebuild 8051 
@@ -8,7 +8,8 @@ MD5 5236b3cdb8926f86382225b63b23d391 pam-0.77-r6.ebuild 7844 MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156 MD5 9c0c3cf85b94ae623375fb05294b924a pam-0.77-r8.ebuild 8212 MD5 cb547fcc1f1893c82cbf6edcd41a2258 pam-0.77-r2.ebuild 7764 -MD5 d3bdcb58b9fe268620b2c37b9b07d756 files/pam_env.conf 3062 +MD5 058d55a26590c93cf1ceec86a27eda74 pam-0.78.ebuild 9623 +MD5 652f6b0ebdc63b0aa9ca6e1783c468a1 files/pam_env.conf 2980 MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r3 201 MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77-r1 201 MD5 c0fd7f7bf69f4f0effdfc66eed6d6ed2 files/digest-pam-0.77-r4 201 @@ -16,9 +17,12 @@ MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77 201 MD5 41e8f5fddbc8e00ebfdc3aeadbf7c50e files/digest-pam-0.77-r7 201 MD5 693d0527279f95e01ad9a5ba6ef45389 files/digest-pam-0.77-r8 201 MD5 b38aa656e6c205427dd4c4ba7d6d3f97 files/digest-pam-0.77-r6 201 -MD5 0044f2b0098d7a94664bd8ae7776029d files/README.pam_console 2102 +MD5 c3f9e8ddddd908bd83aa6859d279dd7d files/README.pam_console 2096 +MD5 92aced5acf4c59db3039da332ca1c47e files/digest-pam-0.78 200 MD5 69f8cfad7f241eb669085eaa753cd9dd files/pam-0.77-console-reset.patch 1826 MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r2 201 +MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198 MD5 849aa086002eda305d4d6d59a94fadd8 files/pam.d/rexec 457 MD5 ec3d6de902670c90897507f4a098f668 files/pam.d/rlogin 580 MD5 7b9d8d0930734500608538c166d0179a files/pam.d/rsh 445 +MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth 491 diff --git a/sys-libs/pam/files/README.pam_console b/sys-libs/pam/files/README.pam_console index 27442c8997de..129f9aef9a3b 100644 --- a/sys-libs/pam/files/README.pam_console +++ b/sys-libs/pam/files/README.pam_console 
@@ -25,7 +25,7 @@ have to be members of the audio group to access audio devices). However, Gentoo gives you the possibility to enable pam_console, you just have to follow these advices: -1) In /etc/pam.d/system-auth, add the following line: +1) In /etc/pam.d/login, add the following line: session optional /lib/security/pam_console.so diff --git a/sys-libs/pam/files/digest-pam-0.78 b/sys-libs/pam/files/digest-pam-0.78 new file mode 100644 index 000000000000..0b473ad66ccf --- /dev/null +++ b/sys-libs/pam/files/digest-pam-0.78 @@ -0,0 +1,3 @@ +MD5 58cd055892e97648651d5a318888f3a0 Linux-PAM-0.78.tar.gz 488936 +MD5 6a411d2cd9438cef9bb0a1ec621ccb9a pam-0.78-patches-1.0.tar.bz2 88766 +MD5 fcc481d52c3b80e20a328f8c0cb042bd db-4.3.27.tar.gz 5921872 diff --git a/sys-libs/pam/files/pam.d/other b/sys-libs/pam/files/pam.d/other new file mode 100644 index 000000000000..a6a5605332dd --- /dev/null +++ b/sys-libs/pam/files/pam.d/other @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required /lib/security/pam_deny.so + +account required /lib/security/pam_deny.so + +password required /lib/security/pam_deny.so + +session required /lib/security/pam_deny.so diff --git a/sys-libs/pam/files/pam.d/system-auth b/sys-libs/pam/files/pam.d/system-auth new file mode 100644 index 000000000000..795f0fe723f0 --- /dev/null +++ b/sys-libs/pam/files/pam.d/system-auth @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth required /lib/security/pam_env.so +auth sufficient /lib/security/pam_unix.so likeauth nullok +auth required /lib/security/pam_deny.so + +account required /lib/security/pam_unix.so + +password required /lib/security/pam_cracklib.so retry=3 +password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok +password required /lib/security/pam_deny.so + +session required /lib/security/pam_limits.so +session required /lib/security/pam_unix.so diff --git a/sys-libs/pam/files/pam_env.conf b/sys-libs/pam/files/pam_env.conf index 3bb79fde5f44..b1e7840baadd 100644 --- a/sys-libs/pam/files/pam_env.conf 
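Review bot: The new `pam.d/other` fallback denies all four management groups silently, so an attempt to use a service that has no PAM file of its own leaves nothing in the logs. Putting a `pam_warn.so` line ahead of each `pam_deny.so` line, e.g. `auth required /lib/security/pam_warn.so`, would record those attempts through syslog while keeping the default-deny result. A header comment such as `# Fallback for services without their own pam.d file: log the attempt, then deny.` would also tell administrators why the file exists and that it should not be relaxed.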
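Review bot: In the new `pam.d/system-auth`, the line `auth sufficient /lib/security/pam_unix.so likeauth nullok` lets an account whose password field is empty authenticate without a password, and since this file is presumably the stack other services include, that would hold for every one of them rather than only for local console logins. Dropping `nullok` from the auth line, leaving `auth sufficient /lib/security/pam_unix.so likeauth`, makes empty-password accounts fail closed; a site that really wants blank console logins can opt in from the login service file instead. The password line also pins the hash format with `md5`, so a one-line comment saying why that option was chosen would help whoever revisits the file.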
+++ b/sys-libs/pam/files/pam_env.conf @@ -1,6 +1,6 @@ -# $Date: 2004/12/13 19:04:06 $ +# $Date: 2005/02/25 20:31:28 $ # $Author: azarah $ -# $Id: pam_env.conf,v 1.2 2004/12/13 19:04:06 azarah Exp $ +# $Id: pam_env.conf,v 1.3 2005/02/25 20:31:28 azarah Exp $ # # This is the configuration file for pam_env, a PAM module to load in # a configurable list of environment variables for a @@ -49,16 +49,14 @@ # # Set the REMOTEHOST variable for any hosts that are remote, default # to "localhost" rather than not being set at all -# Note: Rather set default to "", as DISPLAY=localhost:0.0 do not work -# here at least. -REMOTEHOST DEFAULT= OVERRIDE=@{PAM_RHOST} +#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} # # Set the DISPLAY variable if it seems reasonable #DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} -DISPLAY DEFAULT= OVERRIDE=@{DISPLAY} +#DISPLAY DEFAULT= OVERRIDE=@{DISPLAY} # # Set the XAUTHORITY variable if pam_xauth is used -XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY} +#XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY} # # # Now some simple variables diff --git a/sys-libs/pam/pam-0.78.ebuild b/sys-libs/pam/pam-0.78.ebuild new file mode 100644 index 000000000000..7d3a4c85233f --- /dev/null +++ b/sys-libs/pam/pam-0.78.ebuild 
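Review bot: In the second `pam_env.conf` hunk the note that `DISPLAY=localhost:0.0` does not work is deleted, while the restored example `#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}` brings back exactly that default for anyone who uncomments it together with the `${REMOTEHOST}:0.0` DISPLAY example. Keeping the warning next to the REMOTEHOST line would preserve it, for instance `# Note: DEFAULT=localhost makes the DISPLAY example below expand to localhost:0.0, which was reported not to work; use DEFAULT= if you enable both.` The hunk also leaves two different commented-out DISPLAY lines with no hint which one is meant to be enabled. The surrounding comment block continues outside the hunk.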
@@ -0,0 +1,343 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-0.78.ebuild,v 1.1 2005/02/25 20:31:28 azarah Exp $ + +FORCE_SYSTEMAUTH_UPDATE="no" + +# BDB is internalized to get a non-threaded lib for pam_userdb.so to +# be built with. The runtime-only dependency on BDB suggests the user +# will use the system-installed db_load to create pam_userdb databases. +# PWDB is internalized because it is specifically designed to work +# with Linux-PAM. I'm not really certain how pervasive the Radius +# and NIS services of PWDB are at this point. + +PATCH_LEVEL="1.0" +BDB_VER="4.3.27" +BDB_VER2="4.1.25" +PAM_REDHAT_VER="0.78-3" + +HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/" +DESCRIPTION="Pluggable Authentication Modules" + +S="${WORKDIR}/Linux-PAM-${PV}" +S2="${WORKDIR}/pam-${PV}-patches" +SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz + mirror://gentoo/${P}-patches-${PATCH_LEVEL}.tar.bz2 + http://dev.gentoo.org/~seemant/distfiles/${P}-patches-${PATCH_LEVEL}.tar.bz2 + berkdb? ( http://downloads.sleepycat.com/db-${BDB_VER}.tar.gz )" + +LICENSE="PAM" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="berkdb pwdb selinux pam_chroot pam_console pam_timestamp" + +RDEPEND=">=sys-libs/cracklib-2.7-r8 + selinux? ( sys-libs/libselinux ) + berkdb? ( >=sys-libs/db-${BDB_VER2} )" + +# Note that we link to static versions of glib (pam_console.so) +# and pwdb (pam_pwdb.so), so we need glib-2.6.2-r1 or later ... +DEPEND="${RDEPEND} + dev-lang/perl + pam_console? ( >=dev-libs/glib-2.6.2-r1 ) + >=sys-devel/autoconf-2.59 + >=sys-devel/automake-1.6 + >=sys-devel/flex-2.5.4a-r5 + pwdb? ( >=sys-libs/pwdb-0.62 )" + +# Have python sandbox issues currently ... +# doc? 
( app-text/sgmltools-lite ) + +#inherit needs to be after DEPEND definition to protect RDEPEND +inherit gcc eutils flag-o-matic gnuconfig + +apply_pam_patches() { + local x= + local y= + local patches="${T}/patches.$$" + + for x in redhat gentoo + do + rm -f "${patches}" + + # Need to be a '| while read x', as some lines may have spaces ... + grep -v '^#' "${S2}/list.${x}-patches" | grep -v '^$' | while read y + do + # Remove the 'Patch[0-9]*: ' from the redhat list + echo "${y}" | sed -e 's|^Patch.*: \(.*\)|\1|' >> "${patches}" + done + for y in $(cat "${patches}") + do + epatch "${S2}/${x}-patches/${y}" + done + done +} + +pkg_setup() { + local x= + + if use pwdb; then + for x in libpwdb.a libcrack.a; do + if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then + eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!" + die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!" + fi + done + fi + if use pam_console; then + x="libglib-2.0.a" + if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then + eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!" + eerror "Please remerge glib-2.6.* to make sure you have static changes." + die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!" 
+ fi + fi + + return 0 +} + +src_unpack() { + local x= + + unpack ${A} || die "Couldn't unpack ${A}" + + cd ${S} || die + tar -zxf ${S2}/pam-redhat-${PAM_REDHAT_VER}.tar.gz \ + || die "Couldn't unpack pam-redhat-${PAM_REDHAT_VER}.tar.gz" + # These ones we do not want, or do not work with non RH + rm -rf ${S}/modules/{pam_rps,pam_postgresok} + + apply_pam_patches + + # Check which extra modules should be built + # (Do this after apply_pam_patches(), else some may fail) + for x in pam_chroot pam_console pam_timestamp; do + use "${x}" || rm -rf "${S}/modules/${x}" + done + use berkdb || rm -rf "${S}/modules/pam_userdb" + use pwdb || rm -rf "${S}/modules/pam_pwdb" + use pwdb || rm -rf "${S}/modules/pam_radius" + + # Fixup libdir for 64bit arches + sed -ie "s:@get_libdir:$(get_libdir):" ${S}/configure.in + + if use selinux; then + epatch ${S2}/gentoo-patches/pam-078-selinux.patch + use pwdb && epatch ${S2}/gentoo-patches/pam-pwdbselinux.patch + fi + + for readme in modules/pam_*/README ; do + cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \ + sed -e 's|^modules/||') + done + + # Bug #80604 (If install-sh do not exist, touch it) + cp /usr/share/automake/install-sh ${S}/ 2>/dev/null || touch install-sh + export WANT_AUTOCONF=2.5 + autoconf || die +} + +src_compile() { + # Bug #70471 (Compile issues with other locales) + export LANG=C LC_ALL=C + + if use berkdb + then + einfo "Building Berkley DB ${BDB_VER}..." 
+ cd ${WORKDIR}/db-${BDB_VER}/build_unix || die + + # Pam uses berkdb, which db-4.1.x series can't detect mips64, so we fix it + if use mips; then + einfo "Updating berkdb config.{guess,sub} for mips" + S="${WORKDIR}/db-${BDB_VER}/dist" \ + gnuconfig_update + fi + + #echo db_cv_mutex=UNIX/fcntl > config.cache + #./s_config + ../dist/configure \ + --cache-file=config.cache \ + --disable-compat185 \ + --disable-cxx \ + --disable-diagnostic \ + --disable-dump185 \ + --disable-java \ + --disable-rpc \ + --disable-tcl \ + --disable-shared \ + --disable-o_direct \ + --with-pic \ + --with-uniquename=_pam \ + --with-mutex="UNIX/fcntl" \ + --prefix="${S}" \ + --includedir="${S}/include" \ + --libdir="${S}/lib" || die "Bad BDB ./configure" + + # XXX: hack out O_DIRECT support in db4 for now. + # (Done above now with --disable-o_direct now) + + make || die "BDB build failed" + make install || die + + export CPPFLAGS="-I${S}/include" + export LDFLAGS="-L${S}/lib" + export LIBNAME="lib" + fi + + if [ "${ARCH}" = "alpha" ] + then + if [ ! -z "$(strings -a /usr/lib/libglib.a | grep -i 'Compaq Computer Corp.')" ] + then + # should be LDFLAGS, but this configure is screwy. + echo + einfo "It looks like you compiled glib with ccc, this is okay, but" + einfo "I'll need to force gcc to link with libots...." + echo + append-flags -lots + sed -i -e 's/$(CC) -o/$(CC) -lots -o/g' ${S}/modules/pam_pwdb/Makefile + fi + fi + + einfo "Building Linux-PAM ${PV}..." + cd ${S} + ./configure \ + --libdir="/$(get_libdir)" \ + --enable-static-libpam \ + --enable-fakeroot="${D}" \ + --enable-isadir="/$(get_libdir)/security" \ + --host="${CHOST}" || die + + # Python stuff in docs gives sandbox problems + sed -i -e 's|modules doc examples|modules|' Makefile + + # Fix warnings for gcc-2.95.3 + if [ "$(gcc-version)" = "2.95" ] + then + sed -i -e "s:-Wpointer-arith::" Make.Rules + fi + + if ! use berkdb + then + # Do not build pam_userdb.so ... 
+ sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \ + -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \ + -e "s:^HAVE_LIBDB=yes:HAVE_LIBDB=no:" \ + Make.Rules + + # Also edit the configuration file else the wrong include files + # get used + sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \ + -e "s:^#define HAVE_DB_H.*$:/* #undef HAVE_DB_H */:" \ + _pam_aconf.h + + else + # Do not link pam_userdb.so to db-1.85 ... + sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \ + -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \ + Make.Rules + + # Also edit the configuration file else the wrong include files + # get used + sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \ + _pam_aconf.h + fi + + make || die "PAM build failed" +} + +src_install() { + local x= + + einfo "Installing Linux-PAM ${PV}..." + make FAKEROOT=${D} \ + LDCONFIG="" \ + install || die + + # Make sure every module built. + # Do not remove this, as some module can fail to build + # and effectively lock the user out of his system. + einfo "Checking if all modules were built..." + for x in ${S}/modules/pam_* + do + if [ -d ${x} ] + then + local mod_name=$(basename "${x}") + local sec_dir="${D}/$(get_libdir)/security" + + # Its OK if the module failed when we didnt ask for it anyway + if ! ls -1 "${sec_dir}/${mod_name}"*.so &> /dev/null + then + echo + eerror "ERROR: ${mod_name} module did not build." + echo + die "${mod_name} module did not build." + fi + fi + done + + dodir /usr/$(get_libdir) + cd ${D}/$(get_libdir) + for x in pam pamc pam_misc + do + rm lib${x}.so + ln -s lib${x}.so.${PV} lib${x}.so + ln -s lib${x}.so.${PV} lib${x}.so.0 + mv lib${x}.a ${D}/usr/$(get_libdir) + # See bug #4411 + gen_usr_ldscript lib${x}.so + done + + cd ${S} + + # need this for pam_console + keepdir /var/run/console + + for x in ${FILESDIR}/pam.d/* + do + [[ -f ${x} ]] && dopamd ${x} + done + + # Only add this one if needed. 
+ if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + newpamd ${FILESDIR}/pam.d/system-auth system-auth.new || \ + die "Failed to install system-auth.new!" + fi + + insinto /etc/security + doins ${FILESDIR}/pam_env.conf + doman doc/man/*.[0-9] + + dodoc CHANGELOG Copyright README + docinto modules ; dodoc modules/README ; dodoc doc/txts/README.* + # Install our own README.pam_console + docinto ; dodoc ${FILESDIR}/README.pam_console + docinto txt ; dodoc doc/specs/*.txt #doc/txts/*.txt +# docinto print ; dodoc doc/ps/*.ps + +# docinto html +# dohtml -r doc/html/ +} + +pkg_postinst() { + if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)" + local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)" + + if [ "${CHECK1}" != "${CHECK2}" ]; then + ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " + ewarn "is being updated automatically. Your old " + ewarn "system-auth will be backed up as:" + ewarn + ewarn " ${ROOT}etc/pam.d/system-auth.bak" + echo + + cp -a ${ROOT}/etc/pam.d/system-auth \ + ${ROOT}/etc/pam.d/system-auth.bak; + mv -f ${ROOT}/etc/pam.d/system-auth.new \ + ${ROOT}/etc/pam.d/system-auth + rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth + else + rm -f ${ROOT}/etc/pam.d/system-auth.new + fi + fi +} |
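Review bot: In `pkg_postinst` the backup and the replacement of `system-auth` are independent commands, so if `cp -a` fails (full disk, read-only `/etc`), `mv -f` still overwrites the live authentication stack and the previous file is lost with no `.bak` to restore from. Tie the swap to a successful backup and quote the paths, e.g. `cp -a "${ROOT}/etc/pam.d/system-auth" "${ROOT}/etc/pam.d/system-auth.bak" && mv -f "${ROOT}/etc/pam.d/system-auth.new" "${ROOT}/etc/pam.d/system-auth"`, and emit an `ewarn` when the chain does not complete so the admin knows the update was skipped. The two `md5sum` calls are unquoted as well and run unguarded when `system-auth` does not exist yet; a `[ -f ... ]` test before comparing would make that case explicit. The branch is dormant while `FORCE_SYSTEMAUTH_UPDATE="no"`, but it is the path that runs when the flag is flipped for a security update, which is when a failed swap hurts most.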