Modify PAM build

Include a patch that incorporates our existing account locking behaviour - a
leading exclamation mark in the password field in /etc/shadow indicates a locked
account. Also install configuration into /usr and provide a tmpfiles fragment to
bring it back.
Matthew Garrett 2016-04-05 22:15:56 -07:00
parent 3480b2b920
commit 4d35ef8299
3 changed files with 28 additions and 18 deletions


@ -0,0 +1,13 @@
diff -ur Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.2.1.orig/modules/pam_unix/pam_unix_acct.c 2015-03-24 05:02:32.000000000 -0700
+++ Linux-PAM-1.2.1/modules/pam_unix/pam_unix_acct.c 2016-04-05 12:48:08.344913637 -0700
@@ -219,6 +219,9 @@
return retval;
}
+ if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!')
+ return PAM_PERM_DENIED;
+
if (retval == PAM_SUCCESS && spent == NULL)
return PAM_SUCCESS;
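Review bot: The added check reads `pwent->pw_passwd`, but the commit message places the lock marker in the password field of /etc/shadow, which would be in the shadow entry (`spent`) that the next context line tests. If `pwent` is filled from /etc/passwd, as its name suggests, that field is normally only a placeholder on a shadowed system and a locked account would pass this check. Consider `if (spent != NULL && spent->sp_pwdp != NULL && spent->sp_pwdp[0] == '!')` instead of, or in addition to, the current condition. A `pam_syslog()` call before `return PAM_PERM_DENIED;` would also make refused logins on locked accounts visible in the auth log. The enclosing function starts and ends outside the hunk, so how `pwent` and `spent` are populated needs confirming there.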


@ -0,0 +1,10 @@
d /etc/security 0755 root root - -
d /etc/security/limits.d 0755 root root - -
d /etc/security/namespace.d 0755 root root - -
f /etc/environment 0755 root root - -
L /etc/security/access.conf - - - - ../../usr/lib/pam/access.conf
L /etc/security/group.conf - - - - ../../usr/lib/pam/group.conf
L /etc/security/limits.conf - - - - ../../usr/lib/pam/limits.conf
L /etc/security/namespace.conf - - - - ../../usr/lib/pam/namespace.conf
L /etc/security/pam_env.conf - - - - ../../usr/lib/pam/pam_env.conf
L /etc/security/time.conf - - - - ../../usr/lib/pam/time.conf
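Review bot: The `f /etc/environment 0755 root root - -` line creates a plain data file with the execute bits set, while the file only needs to be read. `f /etc/environment 0644 root root - -` keeps it to the least permission required. The `L` entries also leave an existing path in place, so a stale or locally edited file under /etc/security will continue to shadow the copy in /usr/lib/pam. If that is the intended override mechanism, a comment line at the top of the fragment saying so would help the next reader.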


@ -4,7 +4,7 @@
EAPI=5 EAPI=5
inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use systemd
MY_PN="Linux-PAM" MY_PN="Linux-PAM"
MY_P="${MY_PN}-${PV}" MY_P="${MY_PN}-${PV}"
@ -93,6 +93,7 @@ src_unpack() {
} }
src_prepare() { src_prepare() {
epatch "${FILESDIR}"/pam-1.2.1-locked-accounts.patch
elibtoolize elibtoolize
} }
@ -132,24 +133,10 @@ multilib_src_compile() {
} }
multilib_src_install() { multilib_src_install() {
emake DESTDIR="${D}" install \ emake SCONFIGDIR="/usr/lib/pam/" DESTDIR="${D}" install \
sepermitlockdir="${EPREFIX}/run/sepermit" sepermitlockdir="${EPREFIX}/run/sepermit"
rm "${D}/etc/environment"
local prefix systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/pam.conf"
if multilib_is_native_abi; then
prefix=
gen_usr_ldscript -a pam pamc pam_misc
else
prefix=/usr
fi
# create extra symlinks just in case something depends on them...
local lib
for lib in pam pamc pam_misc; do
if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then
dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname)
fi
done
} }
DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS ) DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS )
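Review bot: `SCONFIGDIR="/usr/lib/pam/"` is passed only on the `emake ... install` line in `multilib_src_install`, so any default config paths fixed at configure or compile time (not visible here) presumably still point at /etc/security. The modules would then depend on the tmpfiles symlinks existing at runtime, and it is worth confirming that each of them fails closed when its file is missing, for example before tmpfiles has run. The path also omits `${EPREFIX}`, unlike `sepermitlockdir` on the next line; `SCONFIGDIR="${EPREFIX}/usr/lib/pam"` would be consistent. The `rm "${D}/etc/environment"` line, which appears to be on the new side, has no failure handling, and `rm "${D}/etc/environment" || die` would stop the build if the install layout changes rather than silently shipping or missing the file.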