diff options
| author | davidovski <david@davidovski.xyz> | 2022-04-11 13:30:34 +0100 |
|---|---|---|
| committer | davidovski <david@davidovski.xyz> | 2022-04-11 13:30:34 +0100 |
| commit | bce4ac0f65ffb8bedcdcbdb94eb796457b12f9e1 (patch) | |
| tree | 5070b9f21b192e6aa0f2a92584a7cbbc6a00d68c /repo/system/shadow.xibuild | |
| parent | 65f2daa1e41f38db5e29a73af9c02d6c390b1d24 (diff) | |
added files for pam and shadow
Diffstat (limited to 'repo/system/shadow.xibuild')
| -rw-r--r-- | repo/system/shadow.xibuild | 180 |
1 files changed, 44 insertions, 136 deletions
diff --git a/repo/system/shadow.xibuild b/repo/system/shadow.xibuild index 9d490c4..22bd2f1 100644 --- a/repo/system/shadow.xibuild +++ b/repo/system/shadow.xibuild @@ -7,6 +7,14 @@ PKG_VER=4.11.1 SOURCE=https://github.com/shadow-maint/shadow/releases/download/v$PKG_VER/shadow-$PKG_VER.tar.xz DESC="Password and account management tool suite with support for shadow files and PAM" +ADDITIONAL=" + chage.pamd + chpasswd.pamd + login.pamd + newusers.pamd + passwd.pamd + su.pamd +" prepare () { @@ -26,7 +34,24 @@ prepare () { } build () { - ./configure --sysconfdir=/etc --with-group-name-max-length=32 + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --disable-account-tools-setuid \ + --disable-nls \ + --without-audit \ + --with-libpam \ + --without-selinux \ + --without-acl \ + --without-attr \ + --without-tcb \ + --with-yescrypt \ + --without-nscd \ + --without-group-name-max-length \ + --with-fcaps + make } @@ -34,150 +59,33 @@ package () { make exec_prefix=/usr DESTDIR=$PKG_DEST install make DESTDIR=$PKG_DEST -C man install-man mkdir -p $PKG_DEST/etc/default + + [ -d $PKG_DEST/etc/pam.d ] && rm -rf $PKG_DEST/etc/pam.d/* + install -m644 $PKG_DEST/etc/login.defs $PKG_DEST/etc/login.defs.orig && - for FUNCTION in FAIL_DELAY \ - FAILLOG_ENAB \ - LASTLOG_ENAB \ - MAIL_CHECK_ENAB \ - OBSCURE_CHECKS_ENAB \ - PORTTIME_CHECKS_ENAB \ - QUOTAS_ENAB \ - CONSOLE MOTD_FILE \ - FTMP_FILE NOLOGINS_FILE \ - ENV_HZ PASS_MIN_LEN \ - SU_WHEEL_ONLY \ - CRACKLIB_DICTPATH \ - PASS_CHANGE_TRIES \ - PASS_ALWAYS_WARN \ - CHFN_AUTH ENCRYPT_METHOD \ - ENVIRON_FILE - do - sed -i "s/^${FUNCTION}/# &/" $PKG_DEST/etc/login.defs + echo "USERGROUPS_ENAB yes"> $PKG_DEST/etc/login.defs + + for f in $ADDITIONAL; do + case $f in + *.pamd) + cp $f $PKG_DEST/etc/pam.d/${f%.pamd} + ;; + esac done - - cat > $PKG_DEST/etc/pam.d/login << "EOF" -# Begin /etc/pam.d/login - -# Set failure delay before next prompt to 3 seconds -auth optional pam_faildelay.so delay=3000000 - -# Check to make sure that the user is allowed to login -auth requisite pam_nologin.so - -# Check to make sure that root is allowed to login -# Disabled by default. You will need to create /etc/securetty -# file for this module to function. See man 5 securetty. -#auth required pam_securetty.so - -# Additional group memberships - disabled by default -#auth optional pam_group.so - -# include system auth settings -auth include system-auth - -# check access for the user -account required pam_access.so - -# include system account settings -account include system-account - -# Set default environment variables for the user -session required pam_env.so - -# Set resource limits for the user -session required pam_limits.so - -# Display date of last login - Disabled by default -#session optional pam_lastlog.so - -# Display the message of the day - Disabled by default -#session optional pam_motd.so - -# Check user's mail - Disabled by default -#session optional pam_mail.so standard quiet - -# include system session and password settings -session include system-session -password include system-password - -# End /etc/pam.d/login -EOF - - cat > $PKG_DEST/etc/pam.d/passwd << "EOF" -# Begin /etc/pam.d/passwd - -password include system-password - -# End /etc/pam.d/passwd -EOF - - cat > $PKG_DEST/etc/pam.d/su << "EOF" -# Begin /etc/pam.d/su - -# always allow root -auth sufficient pam_rootok.so - -# Allow users in the wheel group to execute su without a password -# disabled by default -#auth sufficient pam_wheel.so trust use_uid - -# include system auth settings -auth include system-auth - -# limit su to users in the wheel group -auth required pam_wheel.so use_uid - -# include system account settings -account include system-account - -# Set default environment variables for the service user -session required pam_env.so - -# include system session settings -session include system-session - -# End /etc/pam.d/su -EOF - - cat > $PKG_DEST/etc/pam.d/chpasswd << "EOF" -# Begin /etc/pam.d/chpasswd - -# always allow root -auth sufficient pam_rootok.so - -# include system auth and account settings -auth include system-auth -account include system-account -password include system-password - -# End /etc/pam.d/chpasswd -EOF - -sed -e s/chpasswd/newusers/ $PKG_DEST/etc/pam.d/chpasswd >$PKG_DEST/etc/pam.d/newusers - - cat > $PKG_DEST/etc/pam.d/chage << "EOF" -# Begin /etc/pam.d/chage - -# always allow root -auth sufficient pam_rootok.so - -# include system auth and account settings -auth include system-auth -account include system-account - -# End /etc/pam.d/chage -EOF + cp $PKG_DEST/etc/pam.d/su $PKG_DEST/etc/pam.d/su-l for PROGRAM in chfn chgpasswd chsh groupadd groupdel \ groupmems groupmod useradd userdel usermod do - install -m644 $PKG_DEST/etc/pam.d/chage $PKG_DEST/etc/pam.d/${PROGRAM} + install -m644 chage.pamd $PKG_DEST/etc/pam.d/${PROGRAM} sed -i "s/chage/$PROGRAM/" $PKG_DEST/etc/pam.d/${PROGRAM} done - [ -f $PKG_DEST/etc/login.access ] && mv $PKG_DEST/etc/login.access{,.NOUSE} || true - [ -f $PKG_DEST/etc/limits ] && mv $PKG_DEST/etc/limits{,.NOUSE} || true + [ -f $PKG_DEST/etc/login.access ] && mv $PKG_DEST/etc/login.access $PKG_DEST/etc/login.access.NOUSE || true + [ -f $PKG_DEST/etc/limits ] && mv $PKG_DEST/etc/limits $PKG_DEST/etc/limits.NOUSE || true + + rm $PKG_DEST/usr/bin/su } postinstall () { @@ -222,7 +130,7 @@ users:x:999: EOF /usr/sbin/pwconv /usr/sbin/grpconv + chmod 0640 /etc/shadow mkdir -p /etc/default /usr/sbin/useradd -D --gid 999 - } |