From 65f0b2ab3601c75372782b5631891988cb6a742c Mon Sep 17 00:00:00 2001
From: Alan Mizrahi <alan+crux@mizrahi.com.ve>
Date: Sat, 23 Nov 2013 19:01:59 +0900
Subject: [PATCH] [notify] linux-pam: Updated to 1.1.8

Changed configuration from /etc/pam.conf to /etc/pam.d/*
---
 linux-pam/.footprint  | 10 +++++++--
 linux-pam/.md5sum     |  5 +++--
 linux-pam/Pkgfile     | 32 ++++++++++++++++++---------
 linux-pam/README      |  7 ++----
 linux-pam/other       |  9 ++++++++
 linux-pam/pam.conf    | 50 -------------------------------------------
 linux-pam/system-auth | 11 ++++++++++
 7 files changed, 55 insertions(+), 69 deletions(-)
 create mode 100644 linux-pam/other
 delete mode 100644 linux-pam/pam.conf
 create mode 100644 linux-pam/system-auth

diff --git a/linux-pam/.footprint b/linux-pam/.footprint
index ac27ddbad..95ddb4705 100644
--- a/linux-pam/.footprint
+++ b/linux-pam/.footprint
@@ -1,22 +1,28 @@
 drwxr-xr-x	root/root	etc/
 -rw-r--r--	root/root	etc/environment
--rw-r--r--	root/root	etc/pam.conf
+drwx------	root/root	etc/pam.d/
+-rw-r--r--	root/root	etc/pam.d/other
+-rw-r--r--	root/root	etc/pam.d/system-auth
 drwxr-xr-x	root/root	etc/security/
 -rw-r--r--	root/root	etc/security/access.conf
 -rw-r--r--	root/root	etc/security/group.conf
 -rw-r--r--	root/root	etc/security/limits.conf
 drwxr-xr-x	root/root	etc/security/limits.d/
 -rw-r--r--	root/root	etc/security/namespace.conf
+drwxr-xr-x	root/root	etc/security/namespace.d/
 -rwxr-xr-x	root/root	etc/security/namespace.init
 -rw-r--r--	root/root	etc/security/pam_env.conf
 -rw-r--r--	root/root	etc/security/time.conf
 drwxr-xr-x	root/root	lib/
+-rwxr-xr-x	root/root	lib/libpam.la
 lrwxrwxrwx	root/root	lib/libpam.so -> libpam.so.0.83.1
 lrwxrwxrwx	root/root	lib/libpam.so.0 -> libpam.so.0.83.1
 -rwxr-xr-x	root/root	lib/libpam.so.0.83.1
+-rwxr-xr-x	root/root	lib/libpam_misc.la
 lrwxrwxrwx	root/root	lib/libpam_misc.so -> libpam_misc.so.0.82.0
 lrwxrwxrwx	root/root	lib/libpam_misc.so.0 -> libpam_misc.so.0.82.0
 -rwxr-xr-x	root/root	lib/libpam_misc.so.0.82.0
+-rwxr-xr-x	root/root	lib/libpamc.la
 lrwxrwxrwx	root/root	lib/libpamc.so -> libpamc.so.0.82.1
 lrwxrwxrwx	root/root	lib/libpamc.so.0 -> libpamc.so.0.82.1
 -rwxr-xr-x	root/root	lib/libpamc.so.0.82.1
@@ -67,7 +73,7 @@ drwxr-xr-x	root/root	sbin/
 -rwxr-xr-x	root/root	sbin/pam_tally
 -rwxr-xr-x	root/root	sbin/pam_tally2
 -rwxr-xr-x	root/root	sbin/pam_timestamp_check
--rwxr-xr-x	root/root	sbin/unix_chkpwd
+-rwsr-xr-x	root/root	sbin/unix_chkpwd
 -rwxr-xr-x	root/root	sbin/unix_update
 drwxr-xr-x	root/root	usr/
 drwxr-xr-x	root/root	usr/include/
diff --git a/linux-pam/.md5sum b/linux-pam/.md5sum
index 75dfed29d..603805fd4 100644
--- a/linux-pam/.md5sum
+++ b/linux-pam/.md5sum
@@ -1,2 +1,3 @@
-7b73e58b7ce79ffa321d408de06db2c4  Linux-PAM-1.1.6.tar.bz2
-acca6a1a1573300eb5cc3780fbefc6a7  pam.conf
+35b6091af95981b1b2cd60d813b5e4ee  Linux-PAM-1.1.8.tar.bz2
+99092039db09dacacb1a93d23fbcb3bc  other
+e17298022d46d186a55c1db3d3e549e2  system-auth
diff --git a/linux-pam/Pkgfile b/linux-pam/Pkgfile
index cc22c05b3..19d89fddb 100644
--- a/linux-pam/Pkgfile
+++ b/linux-pam/Pkgfile
@@ -1,27 +1,39 @@
 # Description:	Linux-PAM (Pluggable Authentication Modules for Linux)
-# URL:		http://www.us.kernel.org/pub/linux/libs/pam/
+# URL:		http://www.kernel.org/pub/linux/libs/pam/
 # Maintainer:	Alan Mizrahi, alan at mizrahi dot com dot ve
 
 name=linux-pam
-version=1.1.6
+version=1.1.8
 release=1
-source=(http://www.linux-pam.org/library/Linux-PAM-$version.tar.bz2 pam.conf)
+source=(
+http://www.linux-pam.org/library/Linux-PAM-$version.tar.bz2
+other
+system-auth
+)
 
 build() {
 	cd Linux-PAM-$version
 
-	# Disable pam_userdb because it relies on the dbm api of db.
-	# If you need this module, rebuild db with --enable-dbm
-	# and comment this:
-	sed -ri -e 's|^(.*)pam_userdb(.*)$|\1\2|g' modules/Makefile.in
+	# pam_userdb needs the dbm api of libdb.
+	# if the api isn't there, we disable the module
+	db="$(grep -q __db_ndbm_open /usr/lib/libdb.* || echo --disable-db)"
 
 	./configure \
 		--sysconfdir=/etc \
 		--prefix=/usr \
+		--libdir=/lib \
 		--mandir=/usr/man \
-		--disable-nls
+		--disable-nls \
+		"$db"
+
 	make
 	make DESTDIR=$PKG install
-	rm -rf $PKG/usr/share $PKG/lib/*.la $PKG/lib/security/*.la
-	install -D -m 644 $SRC/pam.conf $PKG/etc/pam.conf
+
+	rm -rf $PKG/usr/share $PKG/lib/security/*.la
+	mkdir -m 700 $PKG/etc/pam.d
+	install -D -m 644 -o root -g root $SRC/other $PKG/etc/pam.d/other
+	install -D -m 644 -o root -g root $SRC/system-auth $PKG/etc/pam.d/system-auth
+
+	# the unix_chkpwd helper need the setuid bit
+	chmod u+s $PKG/sbin/unix_chkpwd
 }
diff --git a/linux-pam/README b/linux-pam/README
index 56eae6cde..7ca7e6b6c 100644
--- a/linux-pam/README
+++ b/linux-pam/README
@@ -4,9 +4,6 @@ PRE-INSTALL
 
 POST-INSTALL
 
-	* You might want to rebuild some pam-aware packages:
-	ssh, samba, shadow, kde, ftpd, imapd, pop3d, etc
+	You might want to rebuild some pam-aware applications:
+	shadow, openssh, vsftpd, etc.
 
-PRECAUTION
-	
-	* Please review the provided pam.conf configuration.
diff --git a/linux-pam/other b/linux-pam/other
new file mode 100644
index 000000000..ad7292e11
--- /dev/null
+++ b/linux-pam/other
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth		required	pam_warn.so
+auth		required	pam_deny.so
+account		required	pam_warn.so
+account		required	pam_deny.so
+password	required	pam_warn.so
+password	required	pam_deny.so
+session		required	pam_warn.so
+session		required	pam_deny.so
diff --git a/linux-pam/pam.conf b/linux-pam/pam.conf
deleted file mode 100644
index a0242e3c4..000000000
--- a/linux-pam/pam.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# /etc/pam.conf: authentication stack configuration file
-#
-ftp	auth		sufficient	pam_ftp.so
-ftp	auth		required	pam_unix.so md5 shadow try_first_pass
-ftp	account		required	pam_unix.so
-ftp	session		required	pam_unix.so
-#
-imap	auth		required	pam_unix.so md5 shadow try_first_pass
-imap	account		required	pam_unix.so
-imap	session		required	pam_unix.so
-#
-pop3	auth		required	pam_unix.so md5 shadow try_first_pass
-pop3	account		required	pam_unix.so
-pop3	session		required	pam_unix.so
-#
-kde	auth		requisite	pam_securetty.so
-kde	auth		required	pam_unix.so md5 shadow try_first_pass
-kde	account		requisite	pam_time.so
-kde	account		required	pam_unix.so
-kde	session		required	pam_unix.so
-#
-login	auth		requisite	pam_securetty.so
-login	auth		required	pam_unix.so md5 shadow try_first_pass
-login	account		requisite	pam_time.so
-login	account		required	pam_unix.so
-login	session		required	pam_unix.so
-#
-samba	auth		required	pam_unix.so md5 shadow try_first_pass
-samba	account		required	pam_unix.so
-samba	session		required	pam_unix.so
-#
-sshd	auth		required	pam_unix.so md5 shadow try_first_pass
-sshd	account		required	pam_unix.so
-sshd	session		required	pam_unix.so
-#
-su	auth		sufficient	pam_rootok.so
-su	auth		required	pam_unix.so md5 shadow try_first_pass
-su	account		required	pam_unix.so
-su	session		required	pam_unix.so
-#
-passwd	password	required	pam_unix.so md5 shadow try_first_pass
-#
-other	auth		required	pam_warn.so
-other	auth		requisite	pam_deny.so
-other	account		requisite	pam_deny.so
-other	password	required	pam_warn.so
-other	password	requisite	pam_deny.so
-other	session		required	pam_warn.so
-other	session		requisite	pam_deny.so
diff --git a/linux-pam/system-auth b/linux-pam/system-auth
new file mode 100644
index 000000000..0cf8bcc6b
--- /dev/null
+++ b/linux-pam/system-auth
@@ -0,0 +1,11 @@
+#%PAM-1.0
+
+auth		required 	pam_unix.so
+auth		required	pam_env.so
+
+account		required	pam_unix.so
+
+password	required	pam_unix.so sha512 shadow
+
+session		required	pam_limits.so
+session		required	pam_unix.so