Diffstat (limited to 'system/linux-pam')
-rw-r--r-- | system/linux-pam/APKBUILD | 91 | ||||
-rw-r--r-- | system/linux-pam/base-account.pamd | 3 | ||||
-rw-r--r-- | system/linux-pam/base-auth.pamd | 5 | ||||
-rw-r--r-- | system/linux-pam/base-password.pamd | 3 | ||||
-rw-r--r-- | system/linux-pam/base-session-noninteractive.pamd | 4 | ||||
-rw-r--r-- | system/linux-pam/base-session.pamd | 4 | ||||
-rw-r--r-- | system/linux-pam/fix-compat.patch | 21 | ||||
-rw-r--r-- | system/linux-pam/libpam-fix-build-with-eglibc-2.16.patch | 10 | ||||
-rw-r--r-- | system/linux-pam/musl-fix-pam_exec.patch | 31 | ||||
-rw-r--r-- | system/linux-pam/other.pamd | 6 | ||||
-rw-r--r-- | system/linux-pam/su.pamd | 6 |
11 files changed, 184 insertions, 0 deletions
diff --git a/system/linux-pam/APKBUILD b/system/linux-pam/APKBUILD
new file mode 100644
index 000000000..f55963c5c
--- /dev/null
+++ b/system/linux-pam/APKBUILD
@@ -0,0 +1,91 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=linux-pam
+pkgver=1.3.0
+pkgrel=1
+pkgdesc="pluggable authentication modules for linux"
+url="http://www.kernel.org/pub/linux/libs/pam"
+arch="all"
+license="BSD"
+depends_dev="gettext-dev"
+makedepends_host="$depends_dev"
+makedepends_build="$depends_dev bison flex-dev autoconf automake libtool"
+makedepends="$makedepends_host $makedepends_build"
+options="suid !check"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2
+ fix-compat.patch
+ libpam-fix-build-with-eglibc-2.16.patch
+ musl-fix-pam_exec.patch
+
+ base-auth.pamd
+ base-account.pamd
+ base-password.pamd
+ base-session.pamd
+ base-session-noninteractive.pamd
+ other.pamd
+ su.pamd
+ "
+
+builddir="$srcdir"/Linux-PAM-$pkgver
+prepare() {
+ cd "$builddir"
+ default_prepare
+ # disable insecure modules
+ sed -e 's/pam_rhosts//g' -i modules/Makefile.am
+}
+
+build() {
+ cd "$builddir"
+ autoreconf -vif
+ [ "$CLIBC" = "musl" ] && export ac_cv_search_crypt=no
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libdir=/lib \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --disable-nls \
+ --disable-db
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ # do not install pam.d files bundled with the source, they could be broken
+ rm -rf "$pkgdir"/etc/pam.d
+
+ # install our pam.d files
+ mkdir "$pkgdir"/etc/pam.d
+ for i in $source; do
+ case $i in
+ *.pamd)
+ basename=$(echo $i | cut -d. -f1)
+ cp "$srcdir"/$i "$pkgdir"/etc/pam.d/"$basename"
+ # ensure users can use PAM services without SUID
+ chmod 644 "$pkgdir"/etc/pam.d/"$basename"
+ ;;
+ esac
+ done
+
+ # delete pointless libtool archives.
+ chgrp shadow "$pkgdir"/sbin/unix_chkpwd \
+ && chmod g+s "$pkgdir"/sbin/unix_chkpwd
+}
+
+sha512sums="4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42 Linux-PAM-1.3.0.tar.bz2
+52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d fix-compat.patch
+f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44 libpam-fix-build-with-eglibc-2.16.patch
+bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9 musl-fix-pam_exec.patch
+0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6 base-auth.pamd
+85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd
+8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d base-password.pamd
+b0138f662715974bd865d755c5e7d403faf5b9ad1b7e2b1d1598ad7eb5764a9ff407f1a5e6ce7f16db9fc10f8d643323b494563416fd6a654032529b52213c5b base-session.pamd
+444e20046843057b17c0aac14d2b71a68923b989b3d8b478bbf684698673683186e928e5ca2e6cb9a1c76abc4248044a0e10ef6b06b3f51857106796ecce250d base-session-noninteractive.pamd
+d103ba06b2c4929171e09c845f9866539220cd20d8d56a03d25850342ef5eabe281e958dfe1eaefd550c00f9440e8700c1d74c88c3001f933134ca6fd7cb9b7b other.pamd
+b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 su.pamd"
diff --git a/system/linux-pam/base-account.pamd b/system/linux-pam/base-account.pamd
new file mode 100644
index 000000000..591092944
--- /dev/null
+++ b/system/linux-pam/base-account.pamd
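Review bot: The comment `# delete pointless libtool archives.` near the end of package() is not followed by any command, so the step it announces never runs and any .la files produced by `make install` would be shipped. Either drop the comment or add the removal, for example `find "$pkgdir" -name '*.la' -delete`. The setgid step on `unix_chkpwd` directly below it would also benefit from a one-line comment stating why the helper is given group `shadow` (presumably so it can read the shadow file for non-root callers), since `options="suid"` alone does not explain it.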
@@ -0,0 +1,3 @@
+# basic PAM configuration for Alpine.
+
+account required pam_unix.so
diff --git a/system/linux-pam/base-auth.pamd b/system/linux-pam/base-auth.pamd
new file mode 100644
index 000000000..012445aa3
--- /dev/null
+++ b/system/linux-pam/base-auth.pamd
@@ -0,0 +1,5 @@
+# basic PAM configuration for Alpine.
+
+auth required pam_env.so
+auth required pam_unix.so nullok_secure
+auth required pam_nologin.so successok
diff --git a/system/linux-pam/base-password.pamd b/system/linux-pam/base-password.pamd
new file mode 100644
index 000000000..a146a93fe
--- /dev/null
+++ b/system/linux-pam/base-password.pamd
@@ -0,0 +1,3 @@
+# basic PAM configuration for Alpine.
+
+password required pam_unix.so nullok obscure md5 sha512
diff --git a/system/linux-pam/base-session-noninteractive.pamd b/system/linux-pam/base-session-noninteractive.pamd
new file mode 100644
index 000000000..85e07d594
--- /dev/null
+++ b/system/linux-pam/base-session-noninteractive.pamd
@@ -0,0 +1,4 @@
+# basic PAM configuration for Alpine.
+
+session required pam_limits.so
+session required pam_unix.so
diff --git a/system/linux-pam/base-session.pamd b/system/linux-pam/base-session.pamd
new file mode 100644
index 000000000..bf5bcb734
--- /dev/null
+++ b/system/linux-pam/base-session.pamd
@@ -0,0 +1,4 @@
+# basic PAM configuration for Alpine.
+
+session include base-session-noninteractive
+session required pam_motd.so
diff --git a/system/linux-pam/fix-compat.patch b/system/linux-pam/fix-compat.patch
new file mode 100644
index 000000000..4096c3a47
--- /dev/null
+++ b/system/linux-pam/fix-compat.patch
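Review bot: `nullok_secure` on the pam_unix line of base-auth.pamd is, as far as I know, an option introduced by Debian's pam_unix patch rather than one upstream Linux-PAM understands, and none of the three patches listed in the APKBUILD adds it. If that holds for this build, pam_unix would report an unrecognised option and behave as if no nullok variant had been given, which is the stricter outcome but not what the file appears to intend. State the intent explicitly: `auth required pam_unix.so` to refuse empty passwords, or `auth required pam_unix.so nullok` with a comment explaining why empty passwords are accepted.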
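Review bot: The pam_unix line in base-password.pamd names two hash algorithms, `md5` and `sha512`, so the scheme used for newly set passwords depends on how the module resolves the conflict instead of being visible in the file. Keep only the strong one: `password required pam_unix.so nullok obscure sha512`. `obscure` also looks like a Debian-specific option and should be checked against the module actually built here; if it is not recognised, the password-strength checks it implies are not applied.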
@@ -0,0 +1,21 @@
+--- Linux-PAM-1.1.6.orig/modules/pam_lastlog/pam_lastlog.c
++++ Linux-PAM-1.1.6/modules/pam_lastlog/pam_lastlog.c
+@@ -10,6 +10,7 @@
+ 
+ #include "config.h"
+ 
++#include <paths.h>
+ #include <fcntl.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -48,6 +49,10 @@
+ 
+ #ifndef _PATH_BTMP
+ # define _PATH_BTMP "/var/log/btmp"
++#endif
++
++#ifndef __GLIBC__
++#define logwtmp(args...)
+ #endif
+ 
+ /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/system/linux-pam/libpam-fix-build-with-eglibc-2.16.patch b/system/linux-pam/libpam-fix-build-with-eglibc-2.16.patch
new file mode 100644
index 000000000..1a0716598
--- /dev/null
+++ b/system/linux-pam/libpam-fix-build-with-eglibc-2.16.patch
@@ -0,0 +1,10 @@
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.orig
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
+@@ -47,6 +47,7 @@
+ #include <time.h> /* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/resource.h>
+ 
+ #include <security/_pam_macros.h>
+ 
diff --git a/system/linux-pam/musl-fix-pam_exec.patch b/system/linux-pam/musl-fix-pam_exec.patch
new file mode 100644
index 000000000..b6b999fae
--- /dev/null
+++ b/system/linux-pam/musl-fix-pam_exec.patch
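Review bot: The added `#define logwtmp(args...)` in fix-compat.patch turns every logwtmp() call in pam_lastlog.c into an empty statement on non-glibc builds, so any session records the module would write to wtmp are silently dropped there; the call sites are outside the hunk, so the exact effect should be confirmed. That is a gap in the login audit trail and deserves a comment in the patch, e.g. `/* no logwtmp() on this libc: wtmp records are not written */`. The named-variadic form `args...` is a GNU extension; `#define logwtmp(...) ((void)0)` is the standard spelling and still expands to a valid expression statement.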
@@ -0,0 +1,31 @@
+--- ./modules/pam_exec/pam_exec.c.orig
++++ ./modules/pam_exec/pam_exec.c
+@@ -103,11 +103,14 @@
+ int optargc;
+ const char *logfile = NULL;
+ const char *authtok = NULL;
++ char authtok_buf[PAM_MAX_RESP_SIZE+1];
++
+ pid_t pid;
+ int fds[2];
+ int stdout_fds[2];
+ FILE *stdout_file = NULL;
+ 
++ memset(authtok_buf, 0, sizeof(authtok_buf));
+ if (argc < 1) {
+ pam_syslog (pamh, LOG_ERR,
+ "This module needs at least one argument");
+@@ -178,11 +181,11 @@
+ }
+ 
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ _pam_drop (resp);
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
+ 
+ if (pipe(fds) != 0)
+ {
diff --git a/system/linux-pam/other.pamd b/system/linux-pam/other.pamd
new file mode 100644
index 000000000..8c9797e71
--- /dev/null
+++ b/system/linux-pam/other.pamd
@@ -0,0 +1,6 @@
+# basic PAM configuration for Alpine.
+
+auth include base-auth
+account include base-account
+password include base-password
+session include base-session-noninteractive
diff --git a/system/linux-pam/su.pamd b/system/linux-pam/su.pamd
new file mode 100644
index 000000000..84f2ae7ea
--- /dev/null
+++ b/system/linux-pam/su.pamd
@@ -0,0 +1,6 @@
+# basic PAM configuration for Alpine.
+auth sufficient pam_rootok.so
+auth include base-auth
+account include base-account
+password include base-password
+session include base-session-noninteractive |
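Review bot: Both added `strncpy(authtok_buf, ..., sizeof(authtok_buf))` calls in musl-fix-pam_exec.patch can fill all PAM_MAX_RESP_SIZE+1 bytes and leave `authtok_buf` without a terminating NUL when the source string is that long or longer, whereas the `strndupa(..., PAM_MAX_RESP_SIZE)` they replace always terminated the copy. Bound the copy to one byte less so the zero written by the earlier memset survives: `authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf) - 1);` and the same for `void_pass`. The buffer holds the user's password on the stack and nothing in the hunk clears it; the rest of the function lies outside the hunk, so check whether the exit paths need a wipe.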
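Review bot: other.pamd is the fallback used for any service that has no file of its own, and here it includes base-auth, so an application registering an unexpected service name gets ordinary password authentication rather than a refusal. A deny-by-default fallback is the more conservative choice, e.g. `auth required pam_deny.so` (and likewise for account, password and session), optionally preceded by `pam_warn.so` so such attempts are logged. If the permissive fallback is intentional for compatibility, a comment in the file saying so would help.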