Ticket #9138: libpam-basefiles.patch

File libpam-basefiles.patch, 8.8 KB (added by DkSoul, 5 years ago)

libpam base files (common to/used by most services)

  • libpam/Makefile

     
    5050        ) 
    5151endef 
    5252 
    53  
    54  
    5553define Build/InstallDev 
    5654        $(INSTALL_DIR) $(1)/lib 
    5755        $(INSTALL_DIR) $(1)/usr/include 
     
    6058endef 
    6159 
    6260define Package/libpam/install 
    63         $(INSTALL_DIR) $(1)/lib 
    64         $(INSTALL_DIR) $(1)/etc 
     61        $(INSTALL_DIR) $(1)/lib $(1)/lib/security $(1)/lib/security/pam_filter  
     62        $(INSTALL_DIR) $(1)/etc $(1)/etc/pam.d 
    6563        $(INSTALL_DIR) $(1)/usr/sbin 
    66         $(CP) $(PKG_INSTALL_DIR)/lib/* $(1)/lib/ 
     64        $(CP) $(PKG_INSTALL_DIR)/lib/*.so* $(1)/lib/ 
     65        $(CP) $(PKG_INSTALL_DIR)/lib/security/*.so* $(1)/lib/security/ 
     66        $(CP) $(PKG_INSTALL_DIR)/lib/security/pam_filter/* $(1)/lib/security/pam_filter/ 
    6767        $(CP) $(PKG_INSTALL_DIR)/etc/* $(1)/etc/ 
     68        $(CP) ./files/* $(1)/etc/ 
    6869        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/* $(1)/usr/sbin/ 
    6970endef 
    7071 
  • libpam/files/pam.d/common-auth

     
     1# 
     2# /etc/pam.d/common-auth - authentication settings common to all services 
     3# 
     4# This file is included from other service-specific PAM config files, 
     5# and should contain a list of the authentication modules that define 
     6# the central authentication scheme for use on the system 
     7# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the 
     8# traditional Unix authentication mechanisms. 
     9# 
     10 
     11# here are the per-package modules (the "Primary" block) 
     12auth    [success=1 default=ignore]      pam_unix.so nullok_secure 
     13# here's the fallback if no module succeeds 
     14auth    requisite                       pam_deny.so 
     15# prime the stack with a positive return value if there isn't one already; 
     16# this avoids us returning an error just because nothing sets a success code 
     17# since the modules above will each just jump around 
     18auth    required                        pam_permit.so 
     19# and here are more per-package modules (the "Additional" block) 
     20 
     21# end of pam-auth-update config 
  • libpam/files/pam.d/common-password

     
     1# 
     2# /etc/pam.d/common-password - password-related modules common to all services 
     3# 
     4# This file is included from other service-specific PAM config files, 
     5# and should contain a list of modules that define the services to be 
     6# used to change user passwords.  The default is pam_unix. 
     7 
     8# Explanation of pam_unix options: 
     9# 
     10# The "sha512" option enables salted SHA512 passwords.  Without this option, 
     11# the default is Unix crypt.  Prior releases used the option "md5". 
     12# 
     13# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in 
     14# login.defs. 
     15# 
     16# See the pam_unix manpage for other options. 
     17 
     18# here are the per-package modules (the "Primary" block) 
     19password        [success=1 default=ignore]      pam_unix.so obscure sha512 
     20# here's the fallback if no module succeeds 
     21password        requisite                       pam_deny.so 
     22# prime the stack with a positive return value if there isn't one already; 
     23# this avoids us returning an error just because nothing sets a success code 
     24# since the modules above will each just jump around 
     25password        required                        pam_permit.so 
     26# and here are more per-package modules (the "Additional" block) 
     27 
     28# end of pam-auth-update config 
  • libpam/files/pam.d/common-session

     
     1# 
     2# /etc/pam.d/common-session - session-related modules common to all services 
     3# 
     4# This file is included from other service-specific PAM config files, 
     5# and should contain a list of modules that define tasks to be performed 
     6# at the start and end of sessions of *any* kind (both interactive and 
     7# non-interactive). 
     8# 
     9 
     10# here are the per-package modules (the "Primary" block) 
     11session [default=1]                     pam_permit.so 
     12# here's the fallback if no module succeeds 
     13session requisite                       pam_deny.so 
     14# prime the stack with a positive return value if there isn't one already; 
     15# this avoids us returning an error just because nothing sets a success code 
     16# since the modules above will each just jump around 
     17session required                        pam_permit.so 
     18# The pam_umask module will set the umask according to the system default in 
     19# /etc/login.defs and user settings, solving the problem of different 
     20# umask settings with different shells, display managers, remote sessions etc. 
     21# See "man pam_umask". 
     22session optional                        pam_umask.so 
     23# and here are more per-package modules (the "Additional" block) 
     24session required                        pam_unix.so  
     25# end of pam-auth-update config 
  • libpam/files/pam.d/common-session-noninteractive

     
     1# 
     2# /etc/pam.d/common-session-noninteractive - session-related modules 
     3# common to all non-interactive services 
     4# 
     5# This file is included from other service-specific PAM config files, 
     6# and should contain a list of modules that define tasks to be performed 
     7# at the start and end of all non-interactive sessions. 
     8# 
     9 
     10# here are the per-package modules (the "Primary" block) 
     11session [default=1]                     pam_permit.so 
     12# here's the fallback if no module succeeds 
     13session requisite                       pam_deny.so 
     14# prime the stack with a positive return value if there isn't one already; 
     15# this avoids us returning an error just because nothing sets a success code 
     16# since the modules above will each just jump around 
     17session required                        pam_permit.so 
     18# The pam_umask module will set the umask according to the system default in 
     19# /etc/login.defs and user settings, solving the problem of different 
     20# umask settings with different shells, display managers, remote sessions etc. 
     21# See "man pam_umask". 
     22session optional                        pam_umask.so 
     23# and here are more per-package modules (the "Additional" block) 
     24session required                        pam_unix.so  
     25# end of pam-auth-update config 
  • libpam/files/pam.d/other

     
     1# 
     2# /etc/pam.d/other - specify the PAM fallback behaviour 
     3# 
     4# Note that this file is used for any unspecified service; for example 
     5#if /etc/pam.d/cron  specifies no session modules but cron calls 
     6#pam_open_session, the session module out of /etc/pam.d/other is 
     7#used.  If you really want nothing to happen then use pam_permit.so or 
     8#pam_deny.so as appropriate. 
     9 
     10# We fall back to the system default in /etc/pam.d/common-* 
     11#  
     12 
     13auth       include      common-auth 
     14account    include      common-account 
     15password   include      common-password 
     16session    include      common-session 
  • libpam/files/pam.d/common-account

     
     1# 
     2# /etc/pam.d/common-account - authorization settings common to all services 
     3# 
     4# This file is included from other service-specific PAM config files, 
     5# and should contain a list of the authorization modules that define 
     6# the central access policy for use on the system.  The default is to 
     7# only deny service to users whose accounts are expired in /etc/shadow. 
     8# 
     9 
     10# here are the per-package modules (the "Primary" block) 
     11account [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so  
     12# here's the fallback if no module succeeds 
     13account requisite                       pam_deny.so 
     14# prime the stack with a positive return value if there isn't one already; 
     15# this avoids us returning an error just because nothing sets a success code 
     16# since the modules above will each just jump around 
     17account required                        pam_permit.so 
     18# and here are more per-package modules (the "Additional" block) 
     19 
     20# end of pam-auth-update config 
  • libpam/files/pam.conf

     
     1# ---------------------------------------------------------------------------# 
     2# /etc/pam.conf                                                              # 
     3# ---------------------------------------------------------------------------# 
     4# 
     5# NOTE 
     6# ---- 
     7# 
     8# NOTE: Most program use a file under the /etc/pam.d/ directory to setup their 
     9# PAM service modules. This file is used only if that directory does not exist. 
     10# ---------------------------------------------------------------------------# 
     11 
     12# Format: 
     13# serv. module     ctrl       module [path]     ...[args..]                  # 
     14# name  type       flag                                                      # 
     15