diff --git a/package/base/pam/cvs-fixes.patch b/package/base/pam/cvs-fixes.patch deleted file mode 100644 index 55b018587..000000000 --- a/package/base/pam/cvs-fixes.patch +++ /dev/null @@ -1,527 +0,0 @@ -# --- ROCK-COPYRIGHT-NOTE-BEGIN --- -# -# This copyright note is auto-generated by ./scripts/Create-CopyPatch. -# Please add additional copyright information _after_ the line containing -# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by -# the ./scripts/Create-CopyPatch script. Do not edit this copyright text! -# -# ROCK Linux: rock-src/package/base/pam/cvs-fixes.patch -# ROCK Linux is Copyright (C) 1998 - 2004 Clifford Wolf -# -# This patch file is dual-licensed. It is available under the license the -# patched project is licensed under, as long as it is an OpenSource license -# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms -# of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. -# -# --- ROCK-COPYRIGHT-NOTE-END --- - - -Some fixes from PAM cvs (checked out at 2003-05-03). - -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_unix/Makefile Linux-PAM/modules/pam_unix/Makefile ---- Linux-PAM-0.77/modules/pam_unix/Makefile 2001-02-11 07:33:53.000000000 +0100 -+++ Linux-PAM/modules/pam_unix/Makefile 2003-01-14 06:43:07.000000000 +0100 -@@ -41,8 +41,10 @@ - - ######################################################################## - --CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) --LDLIBS = $(EXTRALS) -+CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) \ -+ -I../pammodutil/include -+ -+LDLIBS = $(EXTRALS) -L../pammodutil -lpammodutil - - ifdef USE_CRACKLIB - CRACKLIB = -lcrack -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_unix/pam_unix_passwd.c Linux-PAM/modules/pam_unix/pam_unix_passwd.c ---- Linux-PAM-0.77/modules/pam_unix/pam_unix_passwd.c 2002-07-09 06:44:18.000000000 +0200 -+++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2003-01-14 06:43:07.000000000 +0100 -@@ -88,7 +88,7 @@ - */ - - #ifdef NEED_LCKPWDF --#include "./lckpwdf.-c" -+# include "./lckpwdf.-c" - #endif - - extern char *bigcrypt(const char *key, const char *salt); -@@ -471,10 +471,7 @@ - - D(("called")); - -- setpwent(); - pwd = getpwnam(forwho); -- endpwent(); -- - if (pwd == NULL) - return PAM_AUTHTOK_ERR; - -@@ -544,6 +541,24 @@ - if (save_old_password(forwho, fromwhat, remember)) { - return PAM_AUTHTOK_ERR; - } -+ -+#ifdef USE_LCKPWDF -+ /* -+ * These values for the number of attempts and the sleep time -+ * are, of course, completely arbitrary. -+ * -+ * My reading of the PAM docs is that, once pam_chauthtok() -+ * has been called with PAM_UPDATE_AUTHTOK, we are obliged to -+ * take any reasonable steps to make sure the token is -+ * updated; so retrying for 1/10 sec. isn't overdoing it. -+ */ -+ -+ retval = lckpwdf(); -+ if (retval != 0) { -+ return PAM_AUTHTOK_LOCK_BUSY; -+ } -+#endif /* def USE_LCKPWDF */ -+ - if (on(UNIX_SHADOW, ctrl) || (strcmp(pwd->pw_passwd, "x") == 0)) { - retval = _update_shadow(forwho, towhat); - if (retval == PAM_SUCCESS) -@@ -552,6 +567,10 @@ - retval = _update_passwd(pamh, forwho, towhat); - } - -+#ifdef USE_LCKPWDF -+ ulckpwdf(); -+#endif /* def USE_LCKPWDF */ -+ - return retval; - } - -@@ -563,9 +582,7 @@ - int retval = PAM_SUCCESS; - - /* UNIX passwords area */ -- setpwent(); - pwd = getpwnam(user); /* Get password file entry... */ -- endpwent(); - if (pwd == NULL) - return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ - -@@ -679,7 +696,7 @@ - int argc, const char **argv) - { - unsigned int ctrl, lctrl; -- int retval, i; -+ int retval; - int remember = -1; - - /* */ -@@ -689,33 +706,12 @@ - - D(("called.")); - --#ifdef USE_LCKPWDF -- /* our current locking system requires that we lock the -- entire password database. This avoids both livelock -- and deadlock. */ -- /* These values for the number of attempts and the sleep time -- are, of course, completely arbitrary. -- My reading of the PAM docs is that, once pam_chauthtok() has been -- called with PAM_UPDATE_AUTHTOK, we are obliged to take any -- reasonable steps to make sure the token is updated; so retrying -- for 1/10 sec. isn't overdoing it. -- The other possibility is to call lckpwdf() on the first -- pam_chauthtok() pass, and hold the lock until released in the -- second pass--but is this guaranteed to work? -SRL */ -- i=0; -- while((retval = lckpwdf()) != 0 && i < 100) { -- usleep(1000); -- } -- if(retval != 0) { -- return PAM_AUTHTOK_LOCK_BUSY; -- } --#endif - ctrl = _set_ctrl(pamh, flags, &remember, argc, argv); - - /* - * First get the name of a user - */ -- retval = pam_get_user(pamh, &user, "Username: "); -+ retval = pam_get_user(pamh, &user, NULL); - if (retval == PAM_SUCCESS) { - /* - * Various libraries at various times have had bugs related to -@@ -725,9 +721,6 @@ - */ - if (user == NULL || !isalnum(*user)) { - _log_err(LOG_ERR, pamh, "bad username [%s]", user); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return PAM_USER_UNKNOWN; - } - if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) -@@ -737,9 +730,6 @@ - if (on(UNIX_DEBUG, ctrl)) - _log_err(LOG_DEBUG, pamh, - "password - could not identify user"); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - -@@ -761,9 +751,6 @@ - D(("prelim check")); - - if (_unix_blankpasswd(ctrl, user)) { --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return PAM_SUCCESS; - } else if (off(UNIX__IAMROOT, ctrl)) { - -@@ -773,9 +760,6 @@ - if (Announce == NULL) { - _log_err(LOG_CRIT, pamh, - "password - out of memory"); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return PAM_BUF_ERR; - } - (void) strcpy(Announce, greeting); -@@ -795,9 +779,6 @@ - if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, pamh - ,"password - (old) token not obtained"); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - /* verify that this is the password for this user */ -@@ -812,9 +793,6 @@ - if (retval != PAM_SUCCESS) { - D(("Authentication failed")); - pass_old = NULL; --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); -@@ -867,17 +845,11 @@ - - if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, pamh, "user not authenticated"); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - retval = _unix_verify_shadow(user, ctrl); - if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, pamh, "user not authenticated 2"); --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - D(("get new password now")); -@@ -908,9 +880,6 @@ - ,"password - new password not obtained"); - } - pass_old = NULL; /* tidy up */ --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - D(("returned to _unix_chauthtok")); -@@ -931,9 +900,6 @@ - _log_err(LOG_NOTICE, pamh, - "new password not acceptable"); - pass_new = pass_old = NULL; /* tidy up */ --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - /* -@@ -974,9 +940,6 @@ - _log_err(LOG_CRIT, pamh, - "out of memory for password"); - pass_new = pass_old = NULL; /* tidy up */ --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return PAM_BUF_ERR; - } - /* copy first 8 bytes of password */ -@@ -998,6 +961,7 @@ - - retval = _do_setpass(pamh, user, pass_old, tpass, ctrl, - remember); -+ - _pam_delete(tpass); - pass_old = pass_new = NULL; - } else { /* something has broken with the module */ -@@ -1008,9 +972,6 @@ - - D(("retval was %d", retval)); - --#ifdef USE_LCKPWDF -- ulckpwdf(); --#endif - return retval; - } - -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_unix/pam_unix_sess.c Linux-PAM/modules/pam_unix/pam_unix_sess.c ---- Linux-PAM-0.77/modules/pam_unix/pam_unix_sess.c 2000-12-20 06:15:05.000000000 +0100 -+++ Linux-PAM/modules/pam_unix/pam_unix_sess.c 2003-01-14 06:43:07.000000000 +0100 -@@ -53,6 +53,7 @@ - - #include - #include -+#include - - #ifndef LINUX_PAM - #include -@@ -71,6 +72,7 @@ - char *user_name, *service; - unsigned int ctrl; - int retval; -+ const char *login_name; - - D(("called.")); - -@@ -89,9 +91,12 @@ - "open_session - error recovering service"); - return PAM_SESSION_ERR; - } -- _log_err(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)" -- ,user_name -- ,PAM_getlogin() == NULL ? "" : PAM_getlogin(), getuid()); -+ login_name = _pammodutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ _log_err(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)", -+ user_name, login_name, getuid()); - - return PAM_SUCCESS; - } -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_unix/support.c Linux-PAM/modules/pam_unix/support.c ---- Linux-PAM-0.77/modules/pam_unix/support.c 2002-09-23 19:33:22.000000000 +0200 -+++ Linux-PAM/modules/pam_unix/support.c 2003-01-14 06:43:07.000000000 +0100 -@@ -20,6 +20,7 @@ - - #include - #include -+#include - - #include "md5.h" - #include "support.h" -@@ -107,36 +108,6 @@ - return retval; - } - -- /* -- * Beacause getlogin() is braindead and sometimes it just -- * doesn't work, we reimplement it here. -- */ --char *PAM_getlogin(void) --{ -- struct utmp *ut, line; -- char *curr_tty, *retval; -- static char curr_user[sizeof(ut->ut_user) + 4]; -- -- retval = NULL; -- -- curr_tty = ttyname(0); -- if (curr_tty != NULL) { -- D(("PAM_getlogin ttyname: %s", curr_tty)); -- curr_tty += 5; -- setutent(); -- strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); -- if ((ut = getutline(&line)) != NULL) { -- strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); -- curr_user[sizeof(curr_user) - 1] = '\0'; -- retval = curr_user; -- } -- endutent(); -- } -- D(("PAM_getlogin retval: %s", retval)); -- -- return retval; --} -- - /* - * set the control flags for the UNIX module. - */ -@@ -668,10 +639,17 @@ - - if (new != NULL) { - -- new->user = x_strdup(name ? name : ""); -+ const char *login_name; -+ -+ login_name = _pammodutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ -+ new->user = x_strdup(name ? name : ""); - new->uid = getuid(); - new->euid = geteuid(); -- new->name = x_strdup(PAM_getlogin()? PAM_getlogin() : ""); -+ new->name = x_strdup(login_name); - - /* any previous failures for this user ? */ - pam_get_data(pamh, data_name, (const void **) &old); -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_unix/support.h Linux-PAM/modules/pam_unix/support.h ---- Linux-PAM-0.77/modules/pam_unix/support.h 2002-07-11 07:43:51.000000000 +0200 -+++ Linux-PAM/modules/pam_unix/support.h 2003-01-14 06:43:07.000000000 +0100 -@@ -125,7 +125,6 @@ - _pam_drop(xx); \ - } - --extern char *PAM_getlogin(void); - extern void _log_err(int err, pam_handle_t *pamh, const char *format,...); - extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl - ,int type, const char *text); -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pam_wheel/pam_wheel.c Linux-PAM/modules/pam_wheel/pam_wheel.c ---- Linux-PAM-0.77/modules/pam_wheel/pam_wheel.c 2002-07-13 07:48:19.000000000 +0200 -+++ Linux-PAM/modules/pam_wheel/pam_wheel.c 2003-01-14 06:43:07.000000000 +0100 -@@ -43,6 +43,7 @@ - #define PAM_SM_ACCOUNT - - #include -+#include - - /* some syslogging */ - -@@ -110,7 +111,7 @@ - const char *use_group) - { - const char *username = NULL; -- char *fromsu; -+ const char *fromsu; - struct passwd *pwd, *tpwd; - struct group *grp; - int retval = PAM_AUTH_ERR; -@@ -142,7 +143,7 @@ - } - fromsu = tpwd->pw_name; - } else { -- fromsu = getlogin(); -+ fromsu = _pammodutil_getlogin(pamh); - if (fromsu) { - tpwd = getpwnam(fromsu); - } -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pammodutil/Makefile Linux-PAM/modules/pammodutil/Makefile ---- Linux-PAM-0.77/modules/pammodutil/Makefile 2001-12-09 23:15:12.000000000 +0100 -+++ Linux-PAM/modules/pammodutil/Makefile 2003-01-14 06:43:07.000000000 +0100 -@@ -18,7 +18,8 @@ - -DLIBPAM_VERSION_MINOR=$(MINOR_REL) - - # all the object files we care about --LIBOBJECTS = modutil_cleanup.o modutil_getpwnam.o modutil_getpwuid.o -+LIBOBJECTS = modutil_cleanup.o modutil_getpwnam.o modutil_getpwuid.o \ -+ modutil_getlogin.o - - # static library name - LIBSTATIC = $(LIBNAME).a -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pammodutil/include/security/_pam_modutil.h Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h ---- Linux-PAM-0.77/modules/pammodutil/include/security/_pam_modutil.h 2001-12-09 23:15:12.000000000 +0100 -+++ Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h 2003-01-14 06:43:08.000000000 +0100 -@@ -15,7 +15,7 @@ - * On systems that simply can't support thread safe programming, these - * functions don't support it either - sorry. - * -- * Copyright (c) 2001 Andrew Morgan -+ * Copyright (c) 2001-2002 Andrew Morgan - */ - - #include -@@ -30,4 +30,6 @@ - extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, - int error_status); - -+extern const char *_pammodutil_getlogin(pam_handle_t *pamh); -+ - #endif /* _PAM_MODUTIL_H */ -diff -x CVS -x '*cvs*' -ruN Linux-PAM-0.77/modules/pammodutil/modutil_getlogin.c Linux-PAM/modules/pammodutil/modutil_getlogin.c ---- Linux-PAM-0.77/modules/pammodutil/modutil_getlogin.c 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM/modules/pammodutil/modutil_getlogin.c 2003-01-14 06:43:08.000000000 +0100 -@@ -0,0 +1,71 @@ -+/* -+ * $Id: cvs-fixes.patch,v 1.3 2003/05/18 06:06:14 clifford Exp $ -+ * -+ * A central point for invoking getlogin(). Hopefully, this is a -+ * little harder to spoof than all the other versions that are out -+ * there. -+ */ -+ -+#include -+#include -+#include -+ -+#include "pammodutil.h" -+ -+#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" -+ -+const char *_pammodutil_getlogin(pam_handle_t *pamh) -+{ -+ int status; -+ const char *logname, *curr_tty; -+ char *curr_user; -+ struct utmp *ut, line; -+ -+ status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, -+ (const void **) &logname); -+ if (status == PAM_SUCCESS) { -+ return logname; -+ } -+ -+ status = pam_get_item(pamh, PAM_TTY, (const void **) &curr_tty); -+ if ((status != PAM_SUCCESS) || (curr_tty == NULL)) { -+ curr_tty = ttyname(0); -+ } -+ -+ if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { -+ return NULL; -+ } -+ -+ curr_tty += 5; /* strlen("/dev/") */ -+ logname = NULL; -+ -+ setutent(); -+ strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); -+ -+ if ((ut = getutline(&line)) == NULL) { -+ goto clean_up_and_go_home; -+ } -+ -+ curr_user = calloc(sizeof(line.ut_user)+1, 1); -+ if (curr_user == NULL) { -+ goto clean_up_and_go_home; -+ } -+ -+ strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); -+ curr_user[sizeof(line.ut_user)] = '\0'; -+ -+ status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, logname, -+ _pammodutil_cleanup); -+ if (status != PAM_SUCCESS) { -+ free(curr_user); -+ goto clean_up_and_go_home; -+ } -+ -+ logname = curr_user; -+ -+clean_up_and_go_home: -+ -+ endutent(); -+ -+ return logname; -+} diff --git a/package/base/pam/etc_pamd_shadow.txt b/package/base/pam/etc_pamd_shadow.txt deleted file mode 100644 index c2b0001b8..000000000 --- a/package/base/pam/etc_pamd_shadow.txt +++ /dev/null @@ -1,11 +0,0 @@ -# -# PAM Configuration for all shadow utils like: -# chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod. -# -# Some documentation on this file format can be found at: -# http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html -# - -auth sufficient pam_rootok.so -account required pam_permit.so -password required pam_permit.so diff --git a/package/base/pam/etc_pamd_su.txt b/package/base/pam/etc_pamd_su.txt deleted file mode 100644 index bc46e87c6..000000000 --- a/package/base/pam/etc_pamd_su.txt +++ /dev/null @@ -1,18 +0,0 @@ -# -# PAM Configuration for 'su'. The only difference to the 'other' config -# ist the 'pam_rootok.so' entry for 'auth'. -# -# Some documentation on this file format can be found at: -# http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html -# - -auth sufficient pam_rootok.so -auth required pam_unix.so nullok - -account required pam_unix.so - -session required pam_unix.so - -password required pam_cracklib.so -password required pam_unix.so use_authtok md5 - diff --git a/package/base/pam/pam.conf b/package/base/pam/pam.conf index 2ba9b07a2..464d0d3aa 100644 --- a/package/base/pam/pam.conf +++ b/package/base/pam/pam.conf @@ -28,18 +28,11 @@ libdir="$root/lib" install_pam_configs() { mkdir -p $root/etc/pam.d - for x in other su shadow; do - if [ ! -f $root/etc/pam.d/$x ]; then - cp -v $confdir/etc_pamd_$x.txt $root/etc/pam.d/$x - else - touch $root/etc/pam.d/$x - fi - done - for x in useradd chage; do - if [ ! -f $root/etc/pam.d/$x ]; then - ln -s shadow $root/etc/pam.d/$x - fi - done + if [ ! -f $root/etc/pam.d/other ]; then + cp -v $confdir/etc_pamd_other.txt $root/etc/pam.d/other + else + touch $root/etc/pam.d/other + fi } # Install default pam.d/* files (without them, diff --git a/package/base/pam/pam.desc b/package/base/pam/pam.desc index 83e757fbc..9f3096540 100644 --- a/package/base/pam/pam.desc +++ b/package/base/pam/pam.desc @@ -33,15 +33,14 @@ [A] Andrew Morgan [M] Clifford Wolf -[M] Chris Hamilton [C] base/library [F] CORE [L] GPL [S] Stable -[V] 0.77 +[V] 0.78 [P] X -?-3-----9 178.700 -[D] 1107552607 Linux-PAM-0.77.tar.bz2 http://www.kernel.org/pub/linux/libs/pam/pre/library/ +[D] 2736585773 Linux-PAM-0.78.tar.bz2 http://www.kernel.org/pub/linux/libs/pam/pre/library/ diff --git a/package/base/pam/pic-and-linker.patch b/package/base/pam/pic-and-linker.patch deleted file mode 100644 index febc72218..000000000 --- a/package/base/pam/pic-and-linker.patch +++ /dev/null @@ -1,165 +0,0 @@ -# --- ROCK-COPYRIGHT-NOTE-BEGIN --- -# -# This copyright note is auto-generated by ./scripts/Create-CopyPatch. -# Please add additional copyright information _after_ the line containing -# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by -# the ./scripts/Create-CopyPatch script. Do not edit this copyright text! -# -# ROCK Linux: rock-src/package/base/pam/pic-and-linker.patch -# ROCK Linux is Copyright (C) 1998 - 2004 Clifford Wolf -# -# This patch file is dual-licensed. It is available under the license the -# patched project is licensed under, as long as it is an OpenSource license -# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms -# of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. -# -# --- ROCK-COPYRIGHT-NOTE-END --- - -diff -durN Linux-PAM-0.77-orig/configure.in Linux-PAM-0.77/configure.in ---- Linux-PAM-0.77-orig/configure.in 2002-07-09 08:17:13.000000000 +0200 -+++ Linux-PAM-0.77/configure.in 2004-11-19 11:22:20.614688504 +0100 -@@ -309,8 +309,9 @@ - WARNINGS="$GCC_WARNINGS" - PIC="-fPIC" - DYNTYPE=so -- LD=ld -- LD_L="$LD -x -shared" -+ LD=gcc -+ LD_L="$LD -shared -Xlinker -x" -+ SOSWITCH="-Xlinker -soname -Xlinker" - RANLIB=ranlib - STRIP=strip - CC_STATIC="-Xlinker -export-dynamic" -diff -durN Linux-PAM-0.77-orig/configure Linux-PAM-0.77/configure ---- Linux-PAM-0.77-orig/configure 2002-07-09 08:17:13.000000000 +0200 -+++ Linux-PAM-0.77/configure 2004-11-19 11:22:20.616688200 +0100 -@@ -2479,8 +2479,9 @@ - WARNINGS="$GCC_WARNINGS" - PIC="-fPIC" - DYNTYPE=so -- LD=ld -- LD_L="$LD -x -shared" -+ LD=gcc -+ LD_L="$LD -shared -Xlinker -x" -+ SOSWITCH="-Xlinker -soname -Xlinker" - RANLIB=ranlib - STRIP=strip - CC_STATIC="-Xlinker -export-dynamic" -diff -durN Linux-PAM-0.77-orig/libpam/Makefile Linux-PAM-0.77/libpam/Makefile ---- Linux-PAM-0.77-orig/libpam/Makefile 2001-12-09 22:44:58.000000000 +0100 -+++ Linux-PAM-0.77/libpam/Makefile 2004-11-19 11:22:20.616688200 +0100 -@@ -84,7 +84,7 @@ - endif - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -diff -durN Linux-PAM-0.77-orig/libpamc/Makefile Linux-PAM-0.77/libpamc/Makefile ---- Linux-PAM-0.77-orig/libpamc/Makefile 2001-02-10 08:17:53.000000000 +0100 -+++ Linux-PAM-0.77/libpamc/Makefile 2004-11-19 11:22:20.617688048 +0100 -@@ -51,7 +51,7 @@ - endif - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -diff -durN Linux-PAM-0.77-orig/libpam_misc/Makefile Linux-PAM-0.77/libpam_misc/Makefile ---- Linux-PAM-0.77-orig/libpam_misc/Makefile 2002-06-27 06:04:54.000000000 +0200 -+++ Linux-PAM-0.77/libpam_misc/Makefile 2004-11-19 11:22:20.617688048 +0100 -@@ -52,7 +52,7 @@ - endif - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -diff -durN Linux-PAM-0.77-orig/modules/pam_filter/Makefile Linux-PAM-0.77/modules/pam_filter/Makefile ---- Linux-PAM-0.77-orig/modules/pam_filter/Makefile 2001-11-11 08:43:54.000000000 +0100 -+++ Linux-PAM-0.77/modules/pam_filter/Makefile 2004-11-19 11:22:39.087880152 +0100 -@@ -29,7 +29,7 @@ - LIBOBJS = $(addprefix static/,$(LIBOBJ)) - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -diff -durN Linux-PAM-0.77-orig/modules/pam_tally/Makefile Linux-PAM-0.77/modules/pam_tally/Makefile ---- Linux-PAM-0.77-orig/modules/pam_tally/Makefile 2001-06-27 08:20:43.000000000 +0200 -+++ Linux-PAM-0.77/modules/pam_tally/Makefile 2004-11-19 11:22:39.087880152 +0100 -@@ -27,7 +27,7 @@ - APPOBJS = $(addprefix static/,$(APPOBJ)) - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -diff -durN Linux-PAM-0.77-orig/modules/pam_unix/Makefile Linux-PAM-0.77/modules/pam_unix/Makefile ---- Linux-PAM-0.77-orig/modules/pam_unix/Makefile 2001-02-11 07:33:53.000000000 +0100 -+++ Linux-PAM-0.77/modules/pam_unix/Makefile 2004-11-19 11:22:39.087880152 +0100 -@@ -72,7 +72,7 @@ - all: dirs info $(PLUS) $(LIBSHARED) $(LIBSTATIC) $(CHKPWD) register - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o: %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ -@@ -125,21 +125,27 @@ - unix_chkpwd.o: unix_chkpwd.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -+yppasswd_xdr.o: yppasswd_xdr.c -+ $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ -+ -+bigcrypt.o: bigcrypt.c -+ $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) $(PIC) -c $< -o $@ -+ - md5_good.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \ -- $(TARGET_ARCH) -c $< -o $@ -+ $(TARGET_ARCH) $(PIC) -c $< -o $@ - - md5_broken.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ -- $(TARGET_ARCH) -c $< -o $@ -+ $(TARGET_ARCH) $(PIC) -c $< -o $@ - - md5_crypt_good.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \ -- $(TARGET_ARCH) -c $< -o $@ -+ $(TARGET_ARCH) $(PIC) -c $< -o $@ - - md5_crypt_broken.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ -- $(TARGET_ARCH) -c $< -o $@ -+ $(TARGET_ARCH) $(PIC) -c $< -o $@ - - install: all - mkdir -p $(FAKEROOT)$(SECUREDIR) -diff -durN Linux-PAM-0.77-orig/modules/Simple.Rules Linux-PAM-0.77/modules/Simple.Rules ---- Linux-PAM-0.77-orig/modules/Simple.Rules 2001-12-09 23:15:11.000000000 +0100 -+++ Linux-PAM-0.77/modules/Simple.Rules 2004-11-19 11:22:20.617688048 +0100 -@@ -35,7 +35,7 @@ - all: dirs $(LIBSHARED) $(LIBSTATIC) register - - dynamic/%.o : %.c -- $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) $(DYNAMIC) $(TARGET_ARCH) -c $< -o $@ -+ $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) $(DYNAMIC) $(TARGET_ARCH) $(PIC) -c $< -o $@ - - static/%.o : %.c - $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) $(STATIC) $(TARGET_ARCH) -c $< -o $@ diff --git a/package/base/shadow/pamd-userdel.patch b/package/base/shadow/pamd-userdel.patch new file mode 100644 index 000000000..31b142c5b --- /dev/null +++ b/package/base/shadow/pamd-userdel.patch @@ -0,0 +1,8 @@ +--- ./etc/pam.d/userdel.orig 2004-12-22 20:15:47.894472968 +0100 ++++ ./etc/pam.d/userdel 2004-12-22 20:15:23.889122336 +0100 +@@ -0,0 +1,5 @@ ++#%PAM-1.0 ++# /etc/pam.d/userdel ++auth sufficient pam_rootok.so ++auth required pam_unix.so ++account required pam_permit.so diff --git a/package/base/shadow/shadow.conf b/package/base/shadow/shadow.conf index 8446f0f1b..f5d9d1bcd 100644 --- a/package/base/shadow/shadow.conf +++ b/package/base/shadow/shadow.conf @@ -28,6 +28,15 @@ pc_shadow() { pm_shadow() { cp etc/limits etc/login.access $root/etc/ cp etc/login.defs.linux $root/etc/login.defs + if [ -d $root/etc/pam.d ]; then + for x in etc/pam.d/[a-z]*; do + if [ -f $root/$x ]; then + touch $root/$x + else + cp $x $root/$x + fi + done + fi touch $root/var/log/lastlog $root/var/log/faillog [ -f $root/usr/bin/login ] && mv $root/usr/bin/login $root/bin/ [ -f $root/usr/bin/su ] && mv $root/usr/bin/su $root/bin/