summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schlemmer <azarah@gentoo.org>2005-08-01 11:48:13 +0000
committerMartin Schlemmer <azarah@gentoo.org>2005-08-01 11:48:13 +0000
commitb976b5b2c057577ed4010dc5f919d583fcbbbbc5 (patch)
treeed46a86dd39ec04aab32dba2044723868f07de46 /sys-apps/pam-login
parentUpdate version. Remove login.access, related manpages, etc for PAM enabled, ... (diff)
downloadhistorical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.tar.gz
historical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.tar.bz2
historical-b976b5b2c057577ed4010dc5f919d583fcbbbbc5.zip
Sync with Shadow ... too many changes these days to keep track. Redo pamd file, as the PAM enabled version no longer use LASTLOG, etc.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'sys-apps/pam-login')
-rw-r--r--sys-apps/pam-login/ChangeLog10
-rw-r--r--sys-apps/pam-login/Manifest10
-rw-r--r--sys-apps/pam-login/files/digest-pam-login-4.0.11.11
-rw-r--r--sys-apps/pam-login/files/login.defs-4.0205
-rw-r--r--sys-apps/pam-login/files/login.pamd-4.024
-rw-r--r--sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch24
-rw-r--r--sys-apps/pam-login/pam-login-4.0.11.1.ebuild125
7 files changed, 398 insertions, 1 deletions
diff --git a/sys-apps/pam-login/ChangeLog b/sys-apps/pam-login/ChangeLog
index c225b337775e..99708c1cfc47 100644
--- a/sys-apps/pam-login/ChangeLog
+++ b/sys-apps/pam-login/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-apps/pam-login
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.51 2005/07/19 22:51:21 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.52 2005/08/01 11:48:13 azarah Exp $
+
+*pam-login-4.0.11.1 (01 Aug 2005)
+
+ 01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> +files/login.defs-4.0,
+ +files/login.pamd-4.0, +files/pam-login-4.0.10-fix-configure.patch,
+ +pam-login-4.0.11.1.ebuild:
+ Sync with Shadow ... too many changes these days to keep track. Redo pamd
+ file, as the PAM enabled version no longer use LASTLOG, etc.
19 Jul 2005; Bryan Østergaard <kloeri@gentoo.org> pam-login-3.17.ebuild:
Stable on alpha.
diff --git a/sys-apps/pam-login/Manifest b/sys-apps/pam-login/Manifest
index fb7d5be37edd..3db6838450ee 100644
--- a/sys-apps/pam-login/Manifest
+++ b/sys-apps/pam-login/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
MD5 080856750b39e5e4ff407da09d3dcd4f pam-login-4.0.11.1.ebuild 3434
MD5 8881a99f155f3c3eaa29ee645d671e06 ChangeLog 7521
MD5 2595d9d5d585309a961d44bb056d46fe pam-login-3.17.ebuild 2876
@@ -16,3 +19,10 @@ MD5 2fdbabc344539e9dfd4955c061596a27 files/pam-login-3.17-query_user_context.pat
MD5 2e7603feaff187884dd9b1e66601f02b files/login.pamd 382
MD5 7761083b62bdcb822f1b9533aab2e06c files/pam-login-3.11-lastlog-fix.patch 362
MD5 e7f9dde204926c73a570b344556e4b1e files/digest-pam-login-3.17 67
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+iD8DBQFC7gzH1ZcsMnZjRyIRAtDEAKCkeB3siJAtf4yExWeU4Czzl+YRLgCguX9M
+2kiAQ0fRh66CPeDbWd8ypaE=
+=ypeo
+-----END PGP SIGNATURE-----
diff --git a/sys-apps/pam-login/files/digest-pam-login-4.0.11.1 b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
new file mode 100644
index 000000000000..797d6633880d
--- /dev/null
+++ b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
@@ -0,0 +1 @@
+MD5 e60b7b16128b9e00576073389a0ff1e6 shadow-4.0.11.1.tar.bz2 1056103
diff --git a/sys-apps/pam-login/files/login.defs-4.0 b/sys-apps/pam-login/files/login.defs-4.0
new file mode 100644
index 000000000000..a59ba6834b26
--- /dev/null
+++ b/sys-apps/pam-login/files/login.defs-4.0
@@ -0,0 +1,205 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# $Id: login.defs-4.0,v 1.1 2005/08/01 11:48:13 azarah Exp $
+#
+# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed. All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux. --marekm
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR /var/spool/mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# UMASK Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 100
+GID_MAX 60000
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 3
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# When prompting for password without echo, getpass() can optionally
+# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
+# characters for each character typed. This feature is designed to
+# confuse people looking over your shoulder when you enter a password :-).
+# Also, the new getpass() accepts both Backspace (8) and Delete (127)
+# keys to delete previous character (to cope with different terminal
+# types), Control-U to delete all characters, and beeps when there are
+# no more characters to delete, or too many characters entered.
+#
+# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
+# exactly one '*' displayed for each character typed.
+#
+# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
+# Delete, Control-U and beep continue to work as described above).
+#
+# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
+# without any new features. This is the default.
+#
+GETPASS_ASTERISKS 0
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
diff --git a/sys-apps/pam-login/files/login.pamd-4.0 b/sys-apps/pam-login/files/login.pamd-4.0
new file mode 100644
index 000000000000..6676526a9cb4
--- /dev/null
+++ b/sys-apps/pam-login/files/login.pamd-4.0
@@ -0,0 +1,24 @@
+#%PAM-1.0
+
+auth required pam_securetty.so
+auth include system-auth
+auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
+auth required pam_shells.so
+auth required pam_nologin.so
+
+account required pam_access.so
+account include system-auth
+account required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
+
+password include system-auth
+
+session include system-auth
+session required pam_env.so
+session optional pam_lastlog.so
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so
+
+# If you want to enable pam_console, uncomment the following line
+# and read carefully README.pam_console in /usr/share/doc/pam*
+#session optional pam_console.so
+
diff --git a/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
new file mode 100644
index 000000000000..eeee957510ae
--- /dev/null
+++ b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
@@ -0,0 +1,24 @@
+Fix wrong var name
+
+--- configure.in
++++ configure.in
+@@ -165,7 +165,7 @@ AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_
+
+ AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
+ [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+- if test -d $logdir; then
++ if test -d $shadow_cv_logdir; then
+ break
+ fi
+ done])
+--- configure
++++ configure
+@@ -22349,7 +22348,7 @@
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+- if test -d $logdir; then
++ if test -d $shadow_cv_logdir; then
+ break
+ fi
+ done
diff --git a/sys-apps/pam-login/pam-login-4.0.11.1.ebuild b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
new file mode 100644
index 000000000000..99f1eba3015c
--- /dev/null
+++ b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/pam-login-4.0.11.1.ebuild,v 1.1 2005/08/01 11:48:13 azarah Exp $
+
+inherit eutils libtool flag-o-matic pam
+
+# Do we want to backup an old login.defs, and forcefully
+# install a new version?
+FORCE_LOGIN_DEFS="no"
+
+MY_PN="shadow"
+S="${WORKDIR}/${MY_PN}-${PV}"
+DESCRIPTION="Login, lastlog and faillog for PAM based systems"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="livecd nls selinux"
+
+DEPEND="virtual/libc
+ sys-libs/pam
+ >=sys-apps/shadow-4.0.11.1
+ selinux? ( sys-libs/libselinux )"
+# We need sys-apps/shadow-4.0.7-r1, as that no longer installs login.pamd
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+
+ # The new configure changes do not detect utmp/logdir properly
+ epatch "${FILESDIR}"/${PN}-4.0.10-fix-configure.patch
+
+ elibtoolize
+ epunt_cxx
+}
+
+src_compile() {
+ append-ldflags -Wl,-z,now
+ [[ ${CTARGET:-${CHOST}} != ${CHOST} ]] \
+ && export ac_cv_func_setpgrp_void=yes
+ econf \
+ --disable-desrpc \
+ --with-libcrypt \
+ --with-libcrack \
+ --enable-shared=no \
+ --enable-static=yes \
+ --with-libpam \
+ $(use_with skey libskey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ || die "bad configure"
+
+ cd ${S}/man
+ emake SUBDIRS="" \
+ man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+ login.1.xml login.access.5.xml login.defs.5.xml" \
+ man_MANS="faillog.5 faillog.8 lastlog.8 \
+ login.1 login.access.5 login.defs.5" \
+ || die "emake man failed"
+ cd ${S}/libmisc
+ emake || die "emake libmisc failed"
+ cd ${S}/lib
+ emake || die "emake lib failed"
+ cd ${S}/src
+ emake faillog lastlog login || die "emake faillog lastlog login failed"
+}
+
+src_install() {
+ cd ${S}/man
+ make SUBDIRS="" \
+ man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+ login.1.xml login.defs.5.xml" \
+ man_MANS="faillog.5 faillog.8 lastlog.8 \
+ login.1 login.defs.5" \
+ DESTDIR=${D} install || die "emake man failed"
+ cd ${S}/src
+
+ into /
+ dobin ${S}/src/login
+ into /usr
+ dobin ${S}/src/{last,fail}log
+
+ newpamd "${FILESDIR}/login.pamd-4.0" login
+
+ insinto /etc
+ insopts -m0644
+ newins "${FILESDIR}/login.defs-4.0" login.defs
+
+ # Also install another one that we can use to check if
+ # we need to update it if FORCE_LOGIN_DEFS = "yes"
+ [ "${FORCE_LOGIN_DEFS}" = "yes" ] \
+ && newins "${FILESDIR}/login.defs" login.defs.new
+
+ dodoc ChangeLog NEWS README TODO
+}
+
+pkg_preinst() {
+ rm -f "${ROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ [ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0
+
+ ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs "
+ ewarn "is being updated automatically. Your old login.defs"
+ ewarn "will be backed up as: ${ROOT}etc/login.defs.bak"
+ echo
+
+ local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`"
+ local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`"
+
+ if [ "${CHECK1}" != "${CHECK2}" ]
+ then
+ cp -a ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak
+ mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+ elif [ ! -f ${ROOT}/etc/login.defs ]
+ then
+ mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+ else
+ rm -f ${ROOT}/etc/login.defs.new
+ fi
+}