summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/pam
diff options
context:
space:
mode:
authorRichard Purdie <rpurdie@linux.intel.com>2010-09-01 19:09:11 +0100
committerRichard Purdie <rpurdie@linux.intel.com>2010-09-01 19:09:57 +0100
commitd62ee7eaf2ba025c3f64b2d4e10dc7cec4637612 (patch)
treef36fe3008f36ff75cbdd31b630f8f13f1f205ebb /meta/recipes-extended/pam
parentcaab7fc509bf27706ff3248689f6afd04225cfda (diff)
downloadpoky-d62ee7eaf2ba025c3f64b2d4e10dc7cec4637612.tar.gz
packages: Separate out most of the remaining packages into recipes
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/pam')
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/99_pam1
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/disable_crossbinary.patch34
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-account25
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-auth18
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-password26
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session19
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session-noninteractive19
-rw-r--r--meta/recipes-extended/pam/libpam-1.1.1/pam.d/other27
-rw-r--r--meta/recipes-extended/pam/libpam_1.1.1.bb73
9 files changed, 242 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/99_pam b/meta/recipes-extended/pam/libpam-1.1.1/99_pam
new file mode 100644
index 0000000000..97e990d10b
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/99_pam
@@ -0,0 +1 @@
d root root 0755 /var/run/sepermit none
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/disable_crossbinary.patch b/meta/recipes-extended/pam/libpam-1.1.1/disable_crossbinary.patch
new file mode 100644
index 0000000000..43359b08fe
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/disable_crossbinary.patch
@@ -0,0 +1,34 @@
1padout should be compiled using the native compiler but isn't.
2Disable this piece of documentation for now.
3
4RP
5
6Index: Linux-PAM-1.0.2/doc/specs/Makefile.am
7===================================================================
8--- Linux-PAM-1.0.2.orig/doc/specs/Makefile.am 2008-11-04 21:06:23.000000000 +0000
9+++ Linux-PAM-1.0.2/doc/specs/Makefile.am 2008-11-04 21:07:06.000000000 +0000
10@@ -2,21 +2,8 @@
11 # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
12 #
13
14-CLEANFILES = draft-morgan-pam-current.txt *~
15+CLEANFILES = *~
16
17-EXTRA_DIST = draft-morgan-pam.raw std-agent-id.raw rfc86.0.txt
18+EXTRA_DIST = std-agent-id.raw rfc86.0.txt
19
20-draft-morgan-pam-current.txt: padout draft-morgan-pam.raw
21- ./padout < $(srcdir)/draft-morgan-pam.raw > draft-morgan-pam-current.txt
22-
23-AM_YFLAGS = -d
24-
25-BUILT_SOURCES = parse_y.h
26-
27-noinst_PROGRAMS = padout
28-
29-padout_SOURCES = parse_l.l parse_y.y
30-
31-padout_LDADD = @LEXLIB@
32-
33-doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt
34+doc_DATA = rfc86.0.txt
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-account b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-account
new file mode 100644
index 0000000000..316b17337b
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-account
@@ -0,0 +1,25 @@
1#
2# /etc/pam.d/common-account - authorization settings common to all services
3#
4# This file is included from other service-specific PAM config files,
5# and should contain a list of the authorization modules that define
6# the central access policy for use on the system. The default is to
7# only deny service to users whose accounts are expired in /etc/shadow.
8#
9# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
10# To take advantage of this, it is recommended that you configure any
11# local modules either before or after the default block, and use
12# pam-auth-update to manage selection of other modules. See
13# pam-auth-update(8) for details.
14#
15
16# here are the per-package modules (the "Primary" block)
17account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
18# here's the fallback if no module succeeds
19account requisite pam_deny.so
20# prime the stack with a positive return value if there isn't one already;
21# this avoids us returning an error just because nothing sets a success code
22# since the modules above will each just jump around
23account required pam_permit.so
24# and here are more per-package modules (the "Additional" block)
25# end of pam-auth-update config
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-auth b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-auth
new file mode 100644
index 0000000000..460b69f198
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-auth
@@ -0,0 +1,18 @@
1#
2# /etc/pam.d/common-auth - authentication settings common to all services
3#
4# This file is included from other service-specific PAM config files,
5# and should contain a list of the authentication modules that define
6# the central authentication scheme for use on the system
7# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
8# traditional Unix authentication mechanisms.
9
10# here are the per-package modules (the "Primary" block)
11auth [success=1 default=ignore] pam_unix.so nullok_secure
12# here's the fallback if no module succeeds
13auth requisite pam_deny.so
14# prime the stack with a positive return value if there isn't one already;
15# this avoids us returning an error just because nothing sets a success code
16# since the modules above will each just jump around
17auth required pam_permit.so
18# and here are more per-package modules (the "Additional" block)
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-password b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-password
new file mode 100644
index 0000000000..3896057328
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-password
@@ -0,0 +1,26 @@
1#
2# /etc/pam.d/common-password - password-related modules common to all services
3#
4# This file is included from other service-specific PAM config files,
5# and should contain a list of modules that define the services to be
6# used to change user passwords. The default is pam_unix.
7
8# Explanation of pam_unix options:
9#
10# The "sha512" option enables salted SHA512 passwords. Without this option,
11# the default is Unix crypt. Prior releases used the option "md5".
12#
13# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
14# login.defs.
15#
16# See the pam_unix manpage for other options.
17
18# here are the per-package modules (the "Primary" block)
19password [success=1 default=ignore] pam_unix.so obscure sha512
20# here's the fallback if no module succeeds
21password requisite pam_deny.so
22# prime the stack with a positive return value if there isn't one already;
23# this avoids us returning an error just because nothing sets a success code
24# since the modules above will each just jump around
25password required pam_permit.so
26# and here are more per-package modules (the "Additional" block)
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session
new file mode 100644
index 0000000000..a594dd9d90
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session
@@ -0,0 +1,19 @@
1#
2# /etc/pam.d/common-session - session-related modules common to all services
3#
4# This file is included from other service-specific PAM config files,
5# and should contain a list of modules that define tasks to be performed
6# at the start and end of sessions of *any* kind (both interactive and
7# non-interactive).
8#
9
10# here are the per-package modules (the "Primary" block)
11session [default=1] pam_permit.so
12# here's the fallback if no module succeeds
13session requisite pam_deny.so
14# prime the stack with a positive return value if there isn't one already;
15# this avoids us returning an error just because nothing sets a success code
16# since the modules above will each just jump around
17session required pam_permit.so
18# and here are more per-package modules (the "Additional" block)
19session required pam_unix.so
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session-noninteractive b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session-noninteractive
new file mode 100644
index 0000000000..b110bb2b49
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/common-session-noninteractive
@@ -0,0 +1,19 @@
1#
2# /etc/pam.d/common-session-noninteractive - session-related modules
3# common to all non-interactive services
4#
5# This file is included from other service-specific PAM config files,
6# and should contain a list of modules that define tasks to be performed
7# at the start and end of all non-interactive sessions.
8#
9
10# here are the per-package modules (the "Primary" block)
11session [default=1] pam_permit.so
12# here's the fallback if no module succeeds
13session requisite pam_deny.so
14# prime the stack with a positive return value if there isn't one already;
15# this avoids us returning an error just because nothing sets a success code
16# since the modules above will each just jump around
17session required pam_permit.so
18# and here are more per-package modules (the "Additional" block)
19session required pam_unix.so
diff --git a/meta/recipes-extended/pam/libpam-1.1.1/pam.d/other b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/other
new file mode 100644
index 0000000000..6e40cd0c02
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam-1.1.1/pam.d/other
@@ -0,0 +1,27 @@
1#
2# /etc/pam.d/other - specify the PAM fallback behaviour
3#
4# Note that this file is used for any unspecified service; for example
5#if /etc/pam.d/cron specifies no session modules but cron calls
6#pam_open_session, the session module out of /etc/pam.d/other is
7#used.
8
9#If you really want nothing to happen then use pam_permit.so or
10#pam_deny.so as appropriate.
11
12# We use pam_warn.so to generate syslog notes that the 'other'
13#fallback rules are being used (as a hint to suggest you should setup
14#specific PAM rules for the service and aid to debugging). We then
15#fall back to the system default in /etc/pam.d/common-*
16
17auth required pam_warn.so
18auth include common-auth
19
20account required pam_warn.so
21account include common-account
22
23password required pam_warn.so
24password include common-password
25
26session required pam_warn.so
27session include common-session
diff --git a/meta/recipes-extended/pam/libpam_1.1.1.bb b/meta/recipes-extended/pam/libpam_1.1.1.bb
new file mode 100644
index 0000000000..536a0f5ce9
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam_1.1.1.bb
@@ -0,0 +1,73 @@
1DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), Basically, it is a flexible mechanism for authenticating users"
2HOMEPAGE = "http://www.kernel.org/pub/linux/libs/pam/"
3BUGTRACKER = "http://sourceforge.net/projects/pam/support"
4# PAM allows dual licensed under GPL and BSD.
5# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
6# libpam-runtime-1.0.1 is GPLv2+), by openembedded
7LICENSE = "GPLv2+ | BSD"
8PR = "r1"
9
10DEPENDS = "bison flex"
11RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
12RRECOMMENDS_${PN} = "libpam-runtime"
13
14SRC_URI = "http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
15 file://disable_crossbinary.patch \
16 file://99_pam \
17 file://pam.d/*"
18
19EXTRA_OECONF = "--with-db-uniquename=_pam \
20 --includedir=${includedir}/security \
21 --libdir=${base_libdir} \
22 --disable-regenerate-docu"
23CFLAGS_append = " -fPIC "
24
25S = "${WORKDIR}/Linux-PAM-${PV}"
26
27inherit autotools gettext
28
29PACKAGES += "${PN}-runtime"
30FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
31FILES_${PN}-dbg += "${base_libdir}/security/.debug \
32 ${base_libdir}/security/pam_filter/.debug"
33FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
34FILES_${PN}-runtime = "${sysconfdir}"
35
36PACKAGES_DYNAMIC += " pam-plugin-*"
37
38python populate_packages_prepend () {
39 import os.path
40
41 def pam_plugin_append_file(pn, dir, file):
42 nf = os.path.join(dir, file)
43 of = bb.data.getVar('FILES_' + pn, d, True)
44 if of:
45 nf = of + " " + nf
46 bb.data.setVar('FILES_' + pn, nf, d)
47
48 dvar = bb.data.expand('${WORKDIR}/package', d, True)
49 pam_libdir = bb.data.expand('${base_libdir}/security', d)
50 pam_sbindir = bb.data.expand('${sbindir}', d)
51 pam_filterdir = bb.data.expand('${base_libdir}/security/pam_filter', d)
52
53 do_split_packages(d, pam_libdir, '^pam(.*)\.so$', 'pam-plugin%s', 'PAM plugin for %s', extra_depends='')
54 pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_chkpwd')
55 pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_update')
56 pam_plugin_append_file('pam-plugin-tally', pam_sbindir, 'pam_tally')
57 pam_plugin_append_file('pam-plugin-tally2', pam_sbindir, 'pam_tally2')
58 pam_plugin_append_file('pam-plugin-timestamp', pam_sbindir, 'pam_timestamp_check')
59 pam_plugin_append_file('pam-plugin-mkhomedir', pam_sbindir, 'mkhomedir_helper')
60 do_split_packages(d, pam_filterdir, '^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
61}
62
63do_install() {
64 autotools_do_install
65
66 # don't install /var/run when populating rootfs. Do it through volatile
67 rm -rf ${D}/var
68 install -d ${D}${sysconfdir}/default/volatiles
69 install -m 0644 ${WORKDIR}/99_pam ${D}/etc/default/volatiles
70
71 install -d ${D}${sysconfdir}/pam.d/
72 install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
73}