Bump buildroot to version 2017-02
TG-3 #closed
This commit is contained in:
@@ -1,84 +0,0 @@
|
||||
innetgr is not available/functional in uclibc, provide conditions for
|
||||
compilation.
|
||||
|
||||
Patch originally by Dmitry Golubovsky <golubovsky@gmail.com> - porting
|
||||
to linux-pam 1.2.1.
|
||||
|
||||
Signed-off-by: Brendan Heading <brendanheading@gmail.com>
|
||||
|
||||
Upstream-status: pending
|
||||
|
||||
---
|
||||
modules/pam_group/pam_group.c | 8 +++++++-
|
||||
modules/pam_succeed_if/pam_succeed_if.c | 4 ++++
|
||||
modules/pam_time/pam_time.c | 8 +++++++-
|
||||
3 files changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
|
||||
index be5f20f..0982de8 100644
|
||||
--- a/modules/pam_group/pam_group.c
|
||||
+++ b/modules/pam_group/pam_group.c
|
||||
@@ -655,8 +655,14 @@ static int check_account(pam_handle_t *pamh, const char *service,
|
||||
continue;
|
||||
}
|
||||
/* If buffer starts with @, we are using netgroups */
|
||||
- if (buffer[0] == '@')
|
||||
+ if (buffer[0] == '@') {
|
||||
+#ifdef HAVE_INNETGR
|
||||
good &= innetgr (&buffer[1], NULL, user, NULL);
|
||||
+#else
|
||||
+ good = 0;
|
||||
+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
|
||||
+#endif /* HAVE_INNETGR */
|
||||
+ }
|
||||
/* otherwise, if the buffer starts with %, it's a UNIX group */
|
||||
else if (buffer[0] == '%')
|
||||
good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
|
||||
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
|
||||
index aa828fc..c09d669 100644
|
||||
--- a/modules/pam_succeed_if/pam_succeed_if.c
|
||||
+++ b/modules/pam_succeed_if/pam_succeed_if.c
|
||||
@@ -233,16 +233,20 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
|
||||
static int
|
||||
evaluate_innetgr(const char *host, const char *user, const char *group)
|
||||
{
|
||||
+#ifdef HAVE_INNETGR
|
||||
if (innetgr(group, host, user, NULL) == 1)
|
||||
return PAM_SUCCESS;
|
||||
+#endif /* HAVE_INNETGR */
|
||||
return PAM_AUTH_ERR;
|
||||
}
|
||||
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
|
||||
static int
|
||||
evaluate_notinnetgr(const char *host, const char *user, const char *group)
|
||||
{
|
||||
+#ifdef HAVE_INNETGR
|
||||
if (innetgr(group, host, user, NULL) == 0)
|
||||
return PAM_SUCCESS;
|
||||
+#endif /* HAVE_INNETGR */
|
||||
return PAM_AUTH_ERR;
|
||||
}
|
||||
|
||||
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
|
||||
index c94737c..4898fd2 100644
|
||||
--- a/modules/pam_time/pam_time.c
|
||||
+++ b/modules/pam_time/pam_time.c
|
||||
@@ -554,8 +554,14 @@ check_account(pam_handle_t *pamh, const char *service,
|
||||
continue;
|
||||
}
|
||||
/* If buffer starts with @, we are using netgroups */
|
||||
- if (buffer[0] == '@')
|
||||
+ if (buffer[0] == '@') {
|
||||
+#ifdef HAVE_INNETGR
|
||||
good &= innetgr (&buffer[1], NULL, user, NULL);
|
||||
+#else
|
||||
+ good = 0;
|
||||
+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
|
||||
+#endif /* HAVE_INNETGR */
|
||||
+ }
|
||||
else
|
||||
good &= logic_field(pamh, user, buffer, count, is_same);
|
||||
D(("with user: %s", good ? "passes":"fails" ));
|
||||
--
|
||||
2.4.3
|
||||
|
||||
@@ -3,14 +3,8 @@ config BR2_PACKAGE_LINUX_PAM
|
||||
select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
|
||||
select BR2_PACKAGE_FLEX
|
||||
depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
|
||||
# While linux-pam does have some support for statically linked
|
||||
# modules (through --enable-static-modules), it doesn't work
|
||||
# properly due to a build cycle between libpam and
|
||||
# modules. See
|
||||
# https://lists.fedorahosted.org/pipermail/linux-pam-commits/2012-February/000105.html
|
||||
# for details.
|
||||
depends on !BR2_STATIC_LIBS
|
||||
depends on !BR2_TOOLCHAIN_USES_MUSL # linux-pam
|
||||
depends on !BR2_TOOLCHAIN_USES_MUSL
|
||||
depends on BR2_USE_MMU # fork()
|
||||
help
|
||||
A Security Framework that Provides Authentication for Applications
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
# Locally computed hashes, not provided by upstream
|
||||
sha256 342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 Linux-PAM-1.2.1.tar.bz2
|
||||
sha256 241aed1ef522f66ed672719ecf2205ec513fd0075ed80cda8e086a5b1a01d1bb Linux-PAM-1.3.0.tar.bz2
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LINUX_PAM_VERSION = 1.2.1
|
||||
LINUX_PAM_VERSION = 1.3.0
|
||||
LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
|
||||
LINUX_PAM_SITE = http://linux-pam.org/library
|
||||
LINUX_PAM_INSTALL_STAGING = YES
|
||||
@@ -29,6 +29,10 @@ endif
|
||||
ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
|
||||
LINUX_PAM_CONF_OPTS += --enable-selinux
|
||||
LINUX_PAM_DEPENDENCIES += libselinux
|
||||
define LINUX_PAM_SELINUX_PAMFILE_TWEAK
|
||||
$(SED) 's/^# \(.*pam_selinux.so.*\)$$/\1/' \
|
||||
$(TARGET_DIR)/etc/pam.d/login
|
||||
endef
|
||||
else
|
||||
LINUX_PAM_CONF_OPTS += --disable-selinux
|
||||
endif
|
||||
@@ -46,6 +50,7 @@ define LINUX_PAM_INSTALL_CONFIG
|
||||
$(TARGET_DIR)/etc/pam.d/login
|
||||
$(INSTALL) -m 0644 -D package/linux-pam/other.pam \
|
||||
$(TARGET_DIR)/etc/pam.d/other
|
||||
$(LINUX_PAM_SELINUX_PAMFILE_TWEAK)
|
||||
endef
|
||||
|
||||
LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
|
||||
|
||||
@@ -4,7 +4,9 @@ account required pam_unix.so
|
||||
|
||||
password required pam_unix.so nullok
|
||||
|
||||
# session required pam_selinux.so close
|
||||
session required pam_limits.so
|
||||
session required pam_env.so
|
||||
session required pam_unix.so
|
||||
session optional pam_lastlog.so
|
||||
# session required pam_selinux.so open
|
||||
|
||||
Reference in New Issue
Block a user