PAM support updates: change the dependency back to sys-libs/pam but ask for at least version 0.99 (so that we know we have the proper pam_tally, and we can drop some conditionals), OpenPAM wouldn't work for shadow for now. Simplify the pam.d installation, without using the for loop and case statement. Use the 'epam syntax' for the selinux conditional. Update the options passed to pam_tally so that they don't throw warnings when used with Linux-PAM 0.99.

Package-Manager: portage-2.1.3.17
author: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-11-04 15:12:29 +0000
committer: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-11-04 15:12:29 +0000
commit: 911a29cffc7cb672c84931b1bf06d846cc10bc0d (patch)
tree: 564826bac6daa1dddbebb1784b9c16fd3c2b141f /sys-apps/shadow
parent: Now that it has been tested, we can remove the EPAM lines that didn't hit, in... (diff)
download: historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.tar.gz
historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.tar.bz2
historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.zip
4 files changed, 74 insertions, 64 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index a0fac212edb5..b4d3f7023556 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.178 2007/11/04 04:17:13 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.179 2007/11/04 15:12:28 flameeyes Exp $
+
+  04 Nov 2007; Diego Pettenò <flameeyes@gentoo.org> +files/login.pamd.2,
+  shadow-4.0.18.2.ebuild:
+  PAM support updates: change the dependency back to sys-libs/pam but ask for
+  at least version 0.99 (so that we know we have the proper pam_tally, and we
+  can drop some conditionals), OpenPAM wouldn't work for shadow for now.
+  Simplify the pam.d installation, without using the for loop and case
+  statement. Use the 'epam syntax' for the selinux conditional. Update the
+  options passed to pam_tally so that they don't throw warnings when used with
+  Linux-PAM 0.99.
 
 *shadow-4.0.18.2 (04 Nov 2007)
 
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index a696b048a5f9..4512c0d2f03c 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -17,6 +17,10 @@ AUX login.pamd.1 1020 RMD160 9f0ec8ff53bf96b89dc8a03d73839e5d8ea83552 SHA1 544ae
 MD5 1e2cdd4317dbb505d470e78a4925394f files/login.pamd.1 1020
 RMD160 9f0ec8ff53bf96b89dc8a03d73839e5d8ea83552 files/login.pamd.1 1020
 SHA256 592c941fc935a85a0605df993ac130aadca0f5cb156aeed163d97fbc9483f457 files/login.pamd.1 1020
+AUX login.pamd.2 915 RMD160 753976e3e134d8ce45560cf268683703d7d612fc SHA1 bf0b761a9ab5f35b0b035380b8bf986e08326f1e SHA256 6bc326f38a8948313e5b6032c45cd2a4973d2f518000325e744545e82d517573
+MD5 5a801c1033b425671cda233f839ca2a3 files/login.pamd.2 915
+RMD160 753976e3e134d8ce45560cf268683703d7d612fc files/login.pamd.2 915
+SHA256 6bc326f38a8948313e5b6032c45cd2a4973d2f518000325e744545e82d517573 files/login.pamd.2 915
 AUX login_defs.awk 738 RMD160 4c05e7ab04b1b630bba093fdb2c2501c11a2d5be SHA1 74a28544ec0de8dbc530846c54af763f8ebc9f18 SHA256 6ceb9e03c2f7df817f3162de48886c9c66a596cb2af98fbf523c93e26840113b
 MD5 372a33c569b7078d247058c7dab1cae2 files/login_defs.awk 738
 RMD160 4c05e7ab04b1b630bba093fdb2c2501c11a2d5be files/login_defs.awk 738
@@ -103,14 +107,14 @@ EBUILD shadow-4.0.18.1-r1.ebuild 5914 RMD160 c5323f6fd8b05ffc826d444e12dd62f9780
 MD5 3ad336178335dd7357d4bdb84d3d1a33 shadow-4.0.18.1-r1.ebuild 5914
 RMD160 c5323f6fd8b05ffc826d444e12dd62f9780c987c shadow-4.0.18.1-r1.ebuild 5914
 SHA256 780da8cb7536fe971f803c2371d40ecff6eb7ec3d7541f084b1ace8570f9ed9c shadow-4.0.18.1-r1.ebuild 5914
-EBUILD shadow-4.0.18.2.ebuild 5969 RMD160 b14bb9db857dfd407c21e0dc8a3fbbf27da7865d SHA1 62bb7741731213510de812e4c69225c00dcaec1c SHA256 78ae8d09c2f86f47bc3a459f15b0e8fb322bd1032f6178c77c291894f9b00229
-MD5 20da5055da1df09ed91c06431304ff6c shadow-4.0.18.2.ebuild 5969
-RMD160 b14bb9db857dfd407c21e0dc8a3fbbf27da7865d shadow-4.0.18.2.ebuild 5969
-SHA256 78ae8d09c2f86f47bc3a459f15b0e8fb322bd1032f6178c77c291894f9b00229 shadow-4.0.18.2.ebuild 5969
-MISC ChangeLog 31586 RMD160 fd1eddfee90483b49b8d13d5016581a41b1d725c SHA1 d9c4562ed285bcb1f62c37988ff0220ef17b473f SHA256 b6ba19c105547b4e0fb36282e87c6d549ac74b7c65bb58e3759601eff4946efd
-MD5 d3ee2cb0b79478fba7ce02fc1f78524d ChangeLog 31586
-RMD160 fd1eddfee90483b49b8d13d5016581a41b1d725c ChangeLog 31586
-SHA256 b6ba19c105547b4e0fb36282e87c6d549ac74b7c65bb58e3759601eff4946efd ChangeLog 31586
+EBUILD shadow-4.0.18.2.ebuild 5128 RMD160 2e376e5fd4535453ffff41383120b91fae20834d SHA1 0c3f875661c3a3f1964c8f47df3725931605d420 SHA256 bd8b27e9b2a82ff89fc02b1ab4984caa66b9e2b0d2a172a71541bf7985d2a97a
+MD5 995d3ab79f9d2a4eeadf628a9f77d0fe shadow-4.0.18.2.ebuild 5128
+RMD160 2e376e5fd4535453ffff41383120b91fae20834d shadow-4.0.18.2.ebuild 5128
+SHA256 bd8b27e9b2a82ff89fc02b1ab4984caa66b9e2b0d2a172a71541bf7985d2a97a shadow-4.0.18.2.ebuild 5128
+MISC ChangeLog 32162 RMD160 7a7903202baea3846ad6ce56c07d6cf34d43bdde SHA1 e3b90254a7747807bc98c016b64ee3f308dc52de SHA256 5c84c1faf515fe6e0a54b0be0d5a54573ba4922329d58726ddeff9e5bbd6b0b8
+MD5 1601ba1d5bb4f2f78df7105d6875de01 ChangeLog 32162
+RMD160 7a7903202baea3846ad6ce56c07d6cf34d43bdde ChangeLog 32162
+SHA256 5c84c1faf515fe6e0a54b0be0d5a54573ba4922329d58726ddeff9e5bbd6b0b8 ChangeLog 32162
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
@@ -124,7 +128,7 @@ SHA256 6264aa6a9d2ada8ace48b5b8826000881380c6cd5eef0a27eec47a8d9b2705d8 files/di
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.7 (GNU/Linux)
 
-iD8DBQFHLUfPp/wUKkr7RBoRAojbAJ0T41e3kqa6Cp3M4kqnmhMGO/E0NwCcCavg
-7DOV0e1DfmHt2AaYIwARnIw=
-=OX8X
+iD8DBQFHLeBqAiZjviIA2XgRAjvzAKCfejFy7NncQA+fBA8d9K7o0ZWlpACfUX2t
+qnN74iT4LjWWOmcL4UCl0M0=
+=hNDT
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/shadow/files/login.pamd.2 b/sys-apps/shadow/files/login.pamd.2
new file mode 100644
index 000000000000..fdbdf1cda9b0
--- /dev/null
+++ b/sys-apps/shadow/files/login.pamd.2
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth       required	pam_securetty.so
+auth       required	pam_tally.so file=/var/log/faillog onerr=succeed
+auth       required	pam_shells.so
+auth       required	pam_nologin.so
+auth       include	system-auth
+
+account    required	pam_access.so
+account    include	system-auth
+account    required	pam_tally.so file=/var/log/faillog onerr=succeed
+
+password   include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so close should be the first session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so close
+#%EPAM-Use-Flag:selinux%#
+session    required	pam_env.so
+session    optional	pam_lastlog.so
+session    optional	pam_motd.so motd=/etc/motd
+session    optional	pam_mail.so
+
+session    include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so open should be the last session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so multiple open
+#%EPAM-Use-Flag:selinux%#
diff --git a/sys-apps/shadow/shadow-4.0.18.2.ebuild b/sys-apps/shadow/shadow-4.0.18.2.ebuild
index 390c57f8de05..84a97178ce2b 100644
--- a/sys-apps/shadow/shadow-4.0.18.2.ebuild
+++ b/sys-apps/shadow/shadow-4.0.18.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.18.2.ebuild,v 1.1 2007/11/04 04:17:13 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.18.2.ebuild,v 1.2 2007/11/04 15:12:28 flameeyes Exp $
 
 inherit eutils libtool toolchain-funcs autotools pam
 
@@ -14,7 +14,7 @@ SLOT="0"
 IUSE="nls pam selinux skey nousuid cracklib"
 
 RDEPEND="cracklib? ( >=sys-libs/cracklib-2.7-r3 )
-	pam? ( virtual/pam )
+	pam? ( >=sys-libs/pam-0.99 )
 	!sys-apps/pam-login
 	!app-admin/nologin
 	skey? ( app-admin/skey )
@@ -95,20 +95,16 @@ src_install() {
 	if ! use pam ; then
 		insopts -m0600
 		doins etc/login.access etc/limits
-	else
-		newpamd "${FILESDIR}/login.pamd.1" login
-		use selinux || sed -i -e '/@selinux@/d' "${D}"/etc/pam.d/login
-		use selinux && sed -i -e 's:@selinux@::g' "${D}"/etc/pam.d/login
 	fi
 	# Output arch-specific cruft
 	case $(tc-arch) in
 		ppc*)  echo "hvc0" >> "${D}"/etc/securetty
-		       echo "hvsi0" >> "${D}"/etc/securetty
-		       echo "ttyPSC0" >> "${D}"/etc/securetty;;
+			   echo "hvsi0" >> "${D}"/etc/securetty
+			   echo "ttyPSC0" >> "${D}"/etc/securetty;;
 		hppa)  echo "ttyB0" >> "${D}"/etc/securetty;;
 		arm)   echo "ttyFB0" >> "${D}"/etc/securetty;;
 		sh)    echo "ttySC0" >> "${D}"/etc/securetty
-		       echo "ttySC1" >> "${D}"/etc/securetty;;
+			   echo "ttySC1" >> "${D}"/etc/securetty;;
 	esac
 
 	# needed for 'adduser -D'
@@ -120,62 +116,33 @@ src_install() {
 	mv "${D}"/usr/bin/passwd "${D}"/bin/
 	dosym /bin/passwd /usr/bin/passwd
 
+	cd "${S}"
+	insinto /etc
+	insopts -m0644
+	newins etc/login.defs login.defs
+
 	if use pam ; then
-		local INSTALL_SYSTEM_PAMD="yes"
-
-		# Do not install below pam.d files if we have pam-0.78 or later
-		has_version '>=sys-libs/pam-0.78' && \
-			INSTALL_SYSTEM_PAMD="no"
-
-		for x in "${FILESDIR}"/pam.d-include/*; do
-			case "${x##*/}" in
-				"login")
-					# We do no longer install this one, as its from
-					# pam-login now.
-					;;
-				"system-auth"|"system-auth-1.1"|"other")
-					# These we only install if we do not have pam-0.78
-					# or later.
-					[ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \
-						dopamd ${x}
-					;;
-				"su")
-					# Disable support for pam_env and pam_wheel on openpam
-					has_version sys-libs/pam && dopamd ${x}
-					;;
-				"su-openpam")
-					has_version sys-libs/openpam && newpamd ${x} su
-					;;
-				*)
-					[ -f ${x} ] && dopamd ${x}
-					;;
-			esac
-		done
+		dopamd "${FILESDIR}/pam.d-include/"{su,passwd,shadow}
+
+		newpamd "${FILESDIR}/login.pamd.2" login
+
 		for x in chage chsh chfn chpasswd newusers \
 				 user{add,del,mod} group{add,del,mod} ; do
 			newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
 		done
 
+		# comment out login.defs options that pam hates
+		gawk -f "${FILESDIR}"/login_defs.awk \
+			lib/getdef.c etc/login.defs \
+			> "${D}"/etc/login.defs
+
 		# remove manpages that pam will install for us
 		# and/or don't apply when using pam
-
 		find "${D}"/usr/share/man \
 			'(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
 			-exec rm {} \;
 	fi
 
-	cd "${S}"
-	insinto /etc
-	insopts -m0644
-	newins etc/login.defs login.defs
-
-	# comment out options that pam hates
-	if use pam ; then
-		awk -f "${FILESDIR}"/login_defs.awk \
-			lib/getdef.c etc/login.defs \
-			> "${D}"/etc/login.defs
-	fi
-
 	# Remove manpages that are handled by other packages
 	find "${D}"/usr/share/man \
 		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
@@ -191,6 +158,8 @@ src_install() {
 pkg_preinst() {
 	rm -f "${ROOT}"/etc/pam.d/system-auth.new \
 		"${ROOT}/etc/login.defs.new"
+
+	use pam && pam_epam_expand "${D}"/etc/pam.d/login
 }
 
 pkg_postinst() {
author	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-11-04 15:12:29 +0000
committer	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-11-04 15:12:29 +0000
commit	911a29cffc7cb672c84931b1bf06d846cc10bc0d (patch)
tree	564826bac6daa1dddbebb1784b9c16fd3c2b141f /sys-apps/shadow
parent	Now that it has been tested, we can remove the EPAM lines that didn't hit, in... (diff)
download	historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.tar.gz historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.tar.bz2 historical-911a29cffc7cb672c84931b1bf06d846cc10bc0d.zip