author | Martin Schlemmer <azarah@gentoo.org> | 2005-08-01 11:48:13 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2005-08-01 11:48:13 +0000 |
commit | b976b5b2c057577ed4010dc5f919d583fcbbbbc5 (patch) | |
tree | ed46a86dd39ec04aab32dba2044723868f07de46 /sys-apps/pam-login | |
parent | Update version. Remove login.access, related manpages, etc for PAM enabled, ... (diff) | |
download | historical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.tar.gz historical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.tar.bz2 historical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.zip |
Sync with Shadow ... too many changes these days to keep track. Redo pamd file, as the PAM enabled version no longer use LASTLOG, etc.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'sys-apps/pam-login')
-rw-r--r-- | sys-apps/pam-login/ChangeLog | 10 | ||||
-rw-r--r-- | sys-apps/pam-login/Manifest | 10 | ||||
-rw-r--r-- | sys-apps/pam-login/files/digest-pam-login-4.0.11.1 | 1 | ||||
-rw-r--r-- | sys-apps/pam-login/files/login.defs-4.0 | 205 | ||||
-rw-r--r-- | sys-apps/pam-login/files/login.pamd-4.0 | 24 | ||||
-rw-r--r-- | sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch | 24 | ||||
-rw-r--r-- | sys-apps/pam-login/pam-login-4.0.11.1.ebuild | 125 |
7 files changed, 398 insertions, 1 deletions
diff --git a/sys-apps/pam-login/ChangeLog b/sys-apps/pam-login/ChangeLog index c225b337775e..99708c1cfc47 100644 --- a/sys-apps/pam-login/ChangeLog +++ b/sys-apps/pam-login/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-apps/pam-login # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.51 2005/07/19 22:51:21 kloeri Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.52 2005/08/01 11:48:13 azarah Exp $ + +*pam-login-4.0.11.1 (01 Aug 2005) + + 01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> +files/login.defs-4.0, + +files/login.pamd-4.0, +files/pam-login-4.0.10-fix-configure.patch, + +pam-login-4.0.11.1.ebuild: + Sync with Shadow ... too many changes these days to keep track. Redo pamd + file, as the PAM enabled version no longer use LASTLOG, etc. 19 Jul 2005; Bryan Ăstergaard <kloeri@gentoo.org> pam-login-3.17.ebuild: Stable on alpha. diff --git a/sys-apps/pam-login/Manifest b/sys-apps/pam-login/Manifest index fb7d5be37edd..3db6838450ee 100644 --- a/sys-apps/pam-login/Manifest +++ b/sys-apps/pam-login/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + MD5 080856750b39e5e4ff407da09d3dcd4f pam-login-4.0.11.1.ebuild 3434 MD5 8881a99f155f3c3eaa29ee645d671e06 ChangeLog 7521 MD5 2595d9d5d585309a961d44bb056d46fe pam-login-3.17.ebuild 2876 @@ -16,3 +19,10 @@ MD5 2fdbabc344539e9dfd4955c061596a27 files/pam-login-3.17-query_user_context.pat MD5 2e7603feaff187884dd9b1e66601f02b files/login.pamd 382 MD5 7761083b62bdcb822f1b9533aab2e06c files/pam-login-3.11-lastlog-fix.patch 362 MD5 e7f9dde204926c73a570b344556e4b1e files/digest-pam-login-3.17 67 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (GNU/Linux) + +iD8DBQFC7gzH1ZcsMnZjRyIRAtDEAKCkeB3siJAtf4yExWeU4Czzl+YRLgCguX9M +2kiAQ0fRh66CPeDbWd8ypaE= +=ypeo +-----END PGP SIGNATURE----- 
diff --git a/sys-apps/pam-login/files/digest-pam-login-4.0.11.1 b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
new file mode 100644
index 000000000000..797d6633880d
--- /dev/null
+++ b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
@@ -0,0 +1 @@
+MD5 e60b7b16128b9e00576073389a0ff1e6 shadow-4.0.11.1.tar.bz2 1056103
diff --git a/sys-apps/pam-login/files/login.defs-4.0 b/sys-apps/pam-login/files/login.defs-4.0
new file mode 100644
index 000000000000..a59ba6834b26
--- /dev/null
+++ b/sys-apps/pam-login/files/login.defs-4.0
@@ -0,0 +1,205 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# $Id: login.defs-4.0,v 1.1 2005/08/01 11:48:13 azarah Exp $
+#
+# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed. All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux. --marekm
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR /var/spool/mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# UMASK Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 100
+GID_MAX 60000
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 3
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# When prompting for password without echo, getpass() can optionally
+# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
+# characters for each character typed. This feature is designed to
+# confuse people looking over your shoulder when you enter a password :-).
+# Also, the new getpass() accepts both Backspace (8) and Delete (127)
+# keys to delete previous character (to cope with different terminal
+# types), Control-U to delete all characters, and beeps when there are
+# no more characters to delete, or too many characters entered.
+#
+# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
+# exactly one '*' displayed for each character typed.
+#
+# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
+# Delete, Control-U and beep continue to work as described above).
+#
+# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
+# without any new features. This is the default.
+#
+GETPASS_ASTERISKS 0
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
diff --git a/sys-apps/pam-login/files/login.pamd-4.0 b/sys-apps/pam-login/files/login.pamd-4.0
new file mode 100644
index 000000000000..6676526a9cb4
--- /dev/null
+++ b/sys-apps/pam-login/files/login.pamd-4.0
@@ -0,0 +1,24 @@
+#%PAM-1.0
+
+auth required pam_securetty.so
+auth include system-auth
+auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
+auth required pam_shells.so
+auth required pam_nologin.so
+
+account required pam_access.so
+account include system-auth
+account required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
+
+password include system-auth
+
+session include system-auth
+session required pam_env.so
+session optional pam_lastlog.so
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so
+
+# If you want to enable pam_console, uncomment the following line
+# and read carefully README.pam_console in /usr/share/doc/pam*
+#session optional pam_console.so
+
diff --git a/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
new file mode 100644
index 000000000000..eeee957510ae
--- /dev/null
+++ b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
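Review bot: `DEFAULT_HOME yes` in login.defs-4.0 permits a login to continue when the user's home directory cannot be entered, although the comment directly above it names `no` as the default, and nothing in the file says why the laxer value was chosen. With `yes`, an account whose home is missing or unmounted still gets a session, presumably started in `/` without the user's own profile files. Either ship `DEFAULT_HOME no`, or keep `yes` and add a comment such as `# Kept at "yes" so that a missing or unmounted home does not lock the user out`. Whether the PAM-enabled login still reads every option in this file cannot be told from the hunk; the commit message suggests that some are no longer used.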
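Review bot: `pam_shells.so` and `pam_nologin.so` (and the auth-phase `pam_tally.so`) come after `auth include system-auth` in login.pamd-4.0, so whether they run on a successful password depends on the control flags inside system-auth, which this hunk does not show. If system-auth marks its password module `sufficient`, the `include` directive as documented lets that success end the auth stack, and the nologin and valid-shell checks would then be skipped. Moving `auth required pam_nologin.so` and `auth required pam_shells.so` up to directly after the `pam_securetty.so` line removes that dependency. Separately, `deny=0` on the account `pam_tally.so` line appears to record failures without ever enforcing a lockout; a comment stating that this is intended would help the next reader.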
@@ -0,0 +1,24 @@
+Fix wrong var name
+
+--- configure.in
++++ configure.in
+@@ -165,7 +165,7 @@ AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_
+
+ AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
+ [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+- if test -d $logdir; then
++ if test -d $shadow_cv_logdir; then
+ break
+ fi
+ done])
+--- configure
++++ configure
+@@ -22349,7 +22348,7 @@
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+- if test -d $logdir; then
++ if test -d $shadow_cv_logdir; then
+ break
+ fi
+ done
diff --git a/sys-apps/pam-login/pam-login-4.0.11.1.ebuild b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
new file mode 100644
index 000000000000..99f1eba3015c
--- /dev/null
+++ b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/pam-login-4.0.11.1.ebuild,v 1.1 2005/08/01 11:48:13 azarah Exp $
+
+inherit eutils libtool flag-o-matic pam
+
+# Do we want to backup an old login.defs, and forcefully
+# install a new version?
+FORCE_LOGIN_DEFS="no"
+
+MY_PN="shadow"
+S="${WORKDIR}/${MY_PN}-${PV}"
+DESCRIPTION="Login, lastlog and faillog for PAM based systems"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="livecd nls selinux"
+
+DEPEND="virtual/libc
+ sys-libs/pam
+ >=sys-apps/shadow-4.0.11.1
+ selinux? ( sys-libs/libselinux )"
+# We need sys-apps/shadow-4.0.7-r1, as that no longer installs login.pamd
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+
+ # The new configure changes do not detect utmp/logdir properly
+ epatch "${FILESDIR}"/${PN}-4.0.10-fix-configure.patch
+
+ elibtoolize
+ epunt_cxx
+}
+
+src_compile() {
+ append-ldflags -Wl,-z,now
+ [[ ${CTARGET:-${CHOST}} != ${CHOST} ]] \
+ && export ac_cv_func_setpgrp_void=yes
+ econf \
+ --disable-desrpc \
+ --with-libcrypt \
+ --with-libcrack \
+ --enable-shared=no \
+ --enable-static=yes \
+ --with-libpam \
+ $(use_with skey libskey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ || die "bad configure"
+
+ cd ${S}/man
+ emake SUBDIRS="" \
+ man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+ login.1.xml login.access.5.xml login.defs.5.xml" \
+ man_MANS="faillog.5 faillog.8 lastlog.8 \
+ login.1 login.access.5 login.defs.5" \
+ || die "emake man failed"
+ cd ${S}/libmisc
+ emake || die "emake libmisc failed"
+ cd ${S}/lib
+ emake || die "emake lib failed"
+ cd ${S}/src
+ emake faillog lastlog login || die "emake faillog lastlog login failed"
+}
+
+src_install() {
+ cd ${S}/man
+ make SUBDIRS="" \
+ man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+ login.1.xml login.defs.5.xml" \
+ man_MANS="faillog.5 faillog.8 lastlog.8 \
+ login.1 login.defs.5" \
+ DESTDIR=${D} install || die "emake man failed"
+ cd ${S}/src
+
+ into /
+ dobin ${S}/src/login
+ into /usr
+ dobin ${S}/src/{last,fail}log
+
+ newpamd "${FILESDIR}/login.pamd-4.0" login
+
+ insinto /etc
+ insopts -m0644
+ newins "${FILESDIR}/login.defs-4.0" login.defs
+
+ # Also install another one that we can use to check if
+ # we need to update it if FORCE_LOGIN_DEFS = "yes"
+ [ "${FORCE_LOGIN_DEFS}" = "yes" ] \
+ && newins "${FILESDIR}/login.defs" login.defs.new
+
+ dodoc ChangeLog NEWS README TODO
+}
+
+pkg_preinst() {
+ rm -f "${ROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ [ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0
+
+ ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs "
+ ewarn "is being updated automatically. Your old login.defs"
+ ewarn "will be backed up as: ${ROOT}etc/login.defs.bak"
+ echo
+
+ local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`"
+ local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`"
+
+ if [ "${CHECK1}" != "${CHECK2}" ]
+ then
+ cp -a ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak
+ mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+ elif [ ! -f ${ROOT}/etc/login.defs ]
+ then
+ mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+ else
+ rm -f ${ROOT}/etc/login.defs.new
+ fi
+} |
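Review bot: In `pkg_postinst`, the `elif [ ! -f ${ROOT}/etc/login.defs ]` branch can never be reached. When the file is missing, `md5sum` leaves `CHECK1` empty, so the first test already succeeds and `cp -a` runs against a file that does not exist. The `${ROOT}` paths passed to `md5sum`, `cp`, `mv` and `rm` are also unquoted, although `pkg_preinst` quotes the same path. Testing for the missing file first and quoting every path, as in the fence below, fixes both; only the if/elif chain is rewritten and the rest of the function stays as it is. The `FORCE_LOGIN_DEFS` branch in `src_install` installs `${FILESDIR}/login.defs` rather than the `login.defs-4.0` added by this commit, which may be unintended.

```bash
	# … unchanged: FORCE_LOGIN_DEFS guard, ewarn messages, CHECK1/CHECK2 …
	if [ ! -f "${ROOT}/etc/login.defs" ]
	then
		mv -f "${ROOT}/etc/login.defs.new" "${ROOT}/etc/login.defs"
	elif [ "${CHECK1}" != "${CHECK2}" ]
	then
		cp -a "${ROOT}/etc/login.defs" "${ROOT}/etc/login.defs.bak"
		mv -f "${ROOT}/etc/login.defs.new" "${ROOT}/etc/login.defs"
	else
		rm -f "${ROOT}/etc/login.defs.new"
	fi
```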