[Buildroot] [PATCH] Add package linux-pam

[Buildroot] [PATCH] Add package linux-pam

[Dmitry]

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 package/Config.in                                 |    1 +
 package/linux-pam/Config.in                       |   15 +++++++++
 package/linux-pam/linux-pam-configure.patch       |   20 ++++++++++++
 package/linux-pam/linux-pam-doc-makefile-am.patch |   33 +++++++++++++++++++++
 package/linux-pam/linux-pam-group.patch           |   26 ++++++++++++++++
 package/linux-pam/linux-pam-rhosts.patch          |   24 +++++++++++++++
 package/linux-pam/linux-pam-succeed.patch         |   31 +++++++++++++++++++
 package/linux-pam/linux-pam-time.patch            |   26 ++++++++++++++++
 package/linux-pam/linux-pam.mk                    |   25 ++++++++++++++++
 9 files changed, 201 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/Config.in
 create mode 100644 package/linux-pam/linux-pam-configure.patch
 create mode 100644 package/linux-pam/linux-pam-doc-makefile-am.patch
 create mode 100644 package/linux-pam/linux-pam-group.patch
 create mode 100644 package/linux-pam/linux-pam-rhosts.patch
 create mode 100644 package/linux-pam/linux-pam-succeed.patch
 create mode 100644 package/linux-pam/linux-pam-time.patch
 create mode 100644 package/linux-pam/linux-pam.mk

diff --git a/package/Config.in b/package/Config.in
index f308de7..28bca5f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -460,6 +460,7 @@ source "package/libnspr/Config.in"
 source "package/libsigc/Config.in"
 source "package/libtpl/Config.in"
 source "package/liburcu/Config.in"
+source "package/linux-pam/Config.in"
 source "package/lttng-libust/Config.in"
 source "package/orc/Config.in"
 source "package/poco/Config.in"
diff --git a/package/linux-pam/Config.in b/package/linux-pam/Config.in
new file mode 100644
index 0000000..722b875
--- /dev/null
+++ b/package/linux-pam/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_LINUX_PAM
+	bool "linux-pam"
+	select BR2_PACKAGE_LIBINTL if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_FLEX
+	select BR2_PACKAGE_FLEX_LIBFL
+	depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+	help
+	  A Security Framework that Provides Authentication for Applications
+
+	  http://linux-pam.org
+
+comment "linux-pam requires a toolchain with WCHAR and locale support"
+	depends on !(BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+
diff --git a/package/linux-pam/linux-pam-configure.patch b/package/linux-pam/linux-pam-configure.patch
new file mode 100644
index 0000000..0b2326b
--- /dev/null
+++ b/package/linux-pam/linux-pam-configure.patch
@@ -0,0 +1,20 @@
+Add check for ruserok
+
+ruserok is not available/functional in uclibc, provide conditions for compilation
+where needed.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/configure.in
+============================================================================
+--- linux-pam-1.1.4/configure.in	2011-06-24 06:46:33.000000000 -0400
++++ linux-pam-1.1.4/configure.in	2012-08-09 21:14:11.000000000 -0400
+@@ -522,7 +522,7 @@
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af ruserok)
+ 
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/package/linux-pam/linux-pam-doc-makefile-am.patch b/package/linux-pam/linux-pam-doc-makefile-am.patch
new file mode 100644
index 0000000..f08d349
--- /dev/null
+++ b/package/linux-pam/linux-pam-doc-makefile-am.patch
@@ -0,0 +1,33 @@
+Disable generation of documentation
+
+Generation of documentation is not necessary in Buildroot, disable it completely.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/doc/Makefile.am
+============================================================================
+--- linux-pam-1.1.4/doc/Makefile.am	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/doc/Makefile.am	2012-08-09 05:59:23.000000000 -0400
+@@ -2,8 +2,6 @@
+ # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+ #
+ 
+-SUBDIRS = man specs sag adg mwg
+-
+ CLEANFILES = *~
+ 
+ dist_html_DATA = index.html
+@@ -11,12 +9,4 @@
+ #######################################################
+ 
+ releasedocs: all
+-	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs
+-	cp -av specs/draft-morgan-pam-current.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	cp -av $(srcdir)/specs/rfc86.0.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	make -C sag releasedocs
+-	make -C adg releasedocs
+-	make -C mwg releasedocs
+-	
++	/bin/true
diff --git a/package/linux-pam/linux-pam-group.patch b/package/linux-pam/linux-pam-group.patch
new file mode 100644
index 0000000..a94cf9e
--- /dev/null
+++ b/package/linux-pam/linux-pam-group.patch
@@ -0,0 +1,26 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_group/pam_group.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_group/pam_group.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_group/pam_group.c	2012-08-09 21:35:06.000000000 -0400
+@@ -655,8 +655,14 @@
+ 	    continue;
+ 	}
+ 	/* If buffer starts with @, we are using netgroups */
+-	if (buffer[0] == '@')
++	if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	  good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	  good = 0;
++	  pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
++#endif  /* HAVE_INNETGR */
++	}
+ 	/* otherwise, if the buffer starts with %, it's a UNIX group */
+ 	else if (buffer[0] == '%')
+           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
diff --git a/package/linux-pam/linux-pam-rhosts.patch b/package/linux-pam/linux-pam-rhosts.patch
new file mode 100644
index 0000000..58f9adb
--- /dev/null
+++ b/package/linux-pam/linux-pam-rhosts.patch
@@ -0,0 +1,24 @@
+Conditionally compile per ruserok availability
+
+ruserok is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2012-08-09 21:19:34.000000000 -0400
+@@ -114,8 +114,12 @@
+ #ifdef HAVE_RUSEROK_AF
+     retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+ #else
++  #ifdef HAVE_RUSEROK
+     retval = ruserok (rhost, as_root, ruser, luser);
+-#endif
++  #else
++    retval = -1;
++  #endif  /* HAVE_RUSEROK */
++#endif  /*HAVE_RUSEROK_AF */
+     if (retval != 0) {
+       if (!opt_silent || opt_debug)
+ 	pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
diff --git a/package/linux-pam/linux-pam-succeed.patch b/package/linux-pam/linux-pam-succeed.patch
new file mode 100644
index 0000000..8a675ef
--- /dev/null
+++ b/package/linux-pam/linux-pam-succeed.patch
@@ -0,0 +1,31 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2012-08-09 21:05:02.000000000 -0400
+@@ -233,16 +233,20 @@
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 1)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 0)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ 
diff --git a/package/linux-pam/linux-pam-time.patch b/package/linux-pam/linux-pam-time.patch
new file mode 100644
index 0000000..58d7c9f
--- /dev/null
+++ b/package/linux-pam/linux-pam-time.patch
@@ -0,0 +1,26 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_time/pam_time.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_time/pam_time.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_time/pam_time.c	2012-08-09 21:02:29.000000000 -0400
+@@ -554,8 +554,14 @@
+ 	       continue;
+ 	  }
+ 	  /* If buffer starts with @, we are using netgroups */
+-	  if (buffer[0] == '@')
++	  if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	    good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	    good = 0;
++	    pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
++#endif /* HAVE_INNETGR */
++	  }
+ 	  else
+ 	    good &= logic_field(pamh, user, buffer, count, is_same);
+ 	  D(("with user: %s", good ? "passes":"fails" ));
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
new file mode 100644
index 0000000..c308a41
--- /dev/null
+++ b/package/linux-pam/linux-pam.mk
@@ -0,0 +1,25 @@
+############################################
+#
+# linux-pam
+# 
+############################################
+
+LINUX_PAM_VERSION = 1.1.4
+LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
+LINUX_PAM_SITE = http://linux-pam.org/library/
+LINUX_PAM_INSTALL_STAGING = YES
+LINUX_PAM_CONF_OPT = \
+	--disable-prelude \
+	--disable-isadir \
+	--disable-nis \
+	--disable-regenerate-docu \
+	--enable-securedir=/lib/security \
+	--libdir=/lib
+LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) flex
+LINUX_PAM_AUTORECONF = YES
+
+define LINUX_PAM_BUILD_CMDS
+	$(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
+endef
+
+$(eval $(autotools-package))
-- 
1.7.2.5

[Buildroot] [PATCH] Add package linux-pam

[Maxime Ripard]

Hi Dmitry,

This looks fine for me, I still have some comments however.

Le 10/08/2012 12:27, Dmitry a ?crit :
> Signed-off-by: Dmitry <golubovsky@gmail.com>
> ---
>  package/Config.in                                 |    1 +
>  package/linux-pam/Config.in                       |   15 +++++++++
>  package/linux-pam/linux-pam-configure.patch       |   20 ++++++++++++
>  package/linux-pam/linux-pam-doc-makefile-am.patch |   33 +++++++++++++++++++++
>  package/linux-pam/linux-pam-group.patch           |   26 ++++++++++++++++
>  package/linux-pam/linux-pam-rhosts.patch          |   24 +++++++++++++++
>  package/linux-pam/linux-pam-succeed.patch         |   31 +++++++++++++++++++
>  package/linux-pam/linux-pam-time.patch            |   26 ++++++++++++++++
>  package/linux-pam/linux-pam.mk                    |   25 ++++++++++++++++
>  9 files changed, 201 insertions(+), 0 deletions(-)
>  create mode 100644 package/linux-pam/Config.in
>  create mode 100644 package/linux-pam/linux-pam-configure.patch
>  create mode 100644 package/linux-pam/linux-pam-doc-makefile-am.patch
>  create mode 100644 package/linux-pam/linux-pam-group.patch
>  create mode 100644 package/linux-pam/linux-pam-rhosts.patch
>  create mode 100644 package/linux-pam/linux-pam-succeed.patch
>  create mode 100644 package/linux-pam/linux-pam-time.patch
>  create mode 100644 package/linux-pam/linux-pam.mk

From what I can see, this patchset only removes calls to ruserok and
innetgr. Could you merge them together so that all the conditionnal
removal of ruserok is only in one patch and all the conditional removal
of inetgr in another ?

Basically, you would have two patches:
  - the ruserok one, which is the merge of linux-pam-configure.patch and
linux-pam-rhosts.patch,
  - the innetgr one, which is the merge of linux-pam-group.patch,
linux-pam-succeed.patch and linux-pam-time.patch

Also, could you be more explicit with regard to patch names ? Like
linux-pam-disable-ruserok.patch.

[...]

> +############################################
> +#
> +# linux-pam
> +# 
> +############################################
> +
> +LINUX_PAM_VERSION = 1.1.4
> +LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2

Since gz archives are also available, I guess you can drop this line.

> +LINUX_PAM_SITE = http://linux-pam.org/library/
> +LINUX_PAM_INSTALL_STAGING = YES
> +LINUX_PAM_CONF_OPT = \
> +	--disable-prelude \
> +	--disable-isadir \
> +	--disable-nis \
> +	--disable-regenerate-docu \
> +	--enable-securedir=/lib/security \
> +	--libdir=/lib
> +LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) flex

You can drop the libintl here. I know that a lot of packages do that,
but this is useless, since the libintl package doesn't exist.

> +LINUX_PAM_AUTORECONF = YES
> +
> +define LINUX_PAM_BUILD_CMDS
> +	$(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
> +endef

Why do you need to set -lintl -lfl options ?

Thanks,
Maxime

-- 
Maxime Ripard, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] Add package linux-pam

[Dmitry Golubovsky]

Maxime,

On Wed, Aug 22, 2012 at 3:09 AM, Maxime Ripard
<maxime.ripard@free-electrons.com> wrote:
> Hi Dmitry,
>
> This looks fine for me, I still have some comments however.

Thomas applied this patch to next already:

http://git.buildroot.net/buildroot/commit/?h=next&id=04be7f0f8ca100afaf06b264332bc2cd61fbb3d0

But I'll try to answer to your comments


> From what I can see, this patchset only removes calls to ruserok and
> innetgr. Could you merge them together so that all the conditionnal
> removal of ruserok is only in one patch and all the conditional removal
> of inetgr in another ?

It makes use of ruserok and innetgr conditional as defined by
configure tests. Something that is not very much consistent in
linux-pam itself: some of its files did have check for innetgr, other
just called it. Configure test for innetgr existed in linux-pam. There
was no test for ruserok.

This is merely technical, the way I created those patches was manual
diffing of files in a pristine linux-pam source tree vs. working copy
in Buildroot build area. This time I did file-wise to make sure each
file compiles after patching. Patches for systemd are organized more
at functional level (like fixing %ms format in all files that use it
altogether).

> Also, could you be more explicit with regard to patch names ? Like
> linux-pam-disable-ruserok.patch.

Patch names are again file-wise.

>> +
>> +LINUX_PAM_VERSION = 1.1.4
>> +LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
>
> Since gz archives are also available, I guess you can drop this line.

They are, but .bz2 is smaller: why download more?

>
>> +LINUX_PAM_SITE = http://linux-pam.org/library/
>> +LINUX_PAM_INSTALL_STAGING = YES
>> +LINUX_PAM_CONF_OPT = \
>> +     --disable-prelude \
>> +     --disable-isadir \
>> +     --disable-nis \
>> +     --disable-regenerate-docu \
>> +     --enable-securedir=/lib/security \
>> +     --libdir=/lib
>> +LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) flex
>
> You can drop the libintl here. I know that a lot of packages do that,
> but this is useless, since the libintl package doesn't exist.

from .config:

#
# gcc needs development files in target filesystem
#
BR2_PACKAGE_GETTEXT=y
BR2_PACKAGE_LIBINTL=y

And indeed a bunch of packages have it in their dependencies. So why
is BR2_PACKAGE_LIBINTL in the config?

>
>> +LINUX_PAM_AUTORECONF = YES
>> +
>> +define LINUX_PAM_BUILD_CMDS
>> +     $(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
>> +endef
>
> Why do you need to set -lintl -lfl options ?

I had build errors without this.

Thanks.

-- 
Dmitry Golubovsky

Anywhere on the Web

[Buildroot] [PATCH] Add package linux-pam

[Maxime Ripard]

Hi,

Le 23/08/2012 03:53, Dmitry Golubovsky a ?crit :
> On Wed, Aug 22, 2012 at 3:09 AM, Maxime Ripard
> <maxime.ripard@free-electrons.com> wrote:
>> This looks fine for me, I still have some comments however.
> 
> Thomas applied this patch to next already:
> 
> http://git.buildroot.net/buildroot/commit/?h=next&id=04be7f0f8ca100afaf06b264332bc2cd61fbb3d0

Yes, I saw that just after sending the mail. Sorry.

>>> +LINUX_PAM_SITE = http://linux-pam.org/library/
>>> +LINUX_PAM_INSTALL_STAGING = YES
>>> +LINUX_PAM_CONF_OPT = \
>>> +     --disable-prelude \
>>> +     --disable-isadir \
>>> +     --disable-nis \
>>> +     --disable-regenerate-docu \
>>> +     --enable-securedir=/lib/security \
>>> +     --libdir=/lib
>>> +LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) flex
>>
>> You can drop the libintl here. I know that a lot of packages do that,
>> but this is useless, since the libintl package doesn't exist.
> 
> from .config:
> 
> #
> # gcc needs development files in target filesystem
> #
> BR2_PACKAGE_GETTEXT=y
> BR2_PACKAGE_LIBINTL=y
> 
> And indeed a bunch of packages have it in their dependencies. So why
> is BR2_PACKAGE_LIBINTL in the config?

Well, actually, the content of _DEPENDENCIES are the package names, and
are not quite related to Kconfig here. If you look into packages/, you
will see that there is only a gettext package and no libintl package.
And it is this gettext package that defines the Kconfig symbol
BR2_PACKAGE_LIBINTL in package/gettext/Config.in (and this option adds
nothing at all, it actually removes the gettext binaries to leave only
the libintl). All of this is likely to change quite soon though, as few
of us have worked on making all the gettext stuff more consistent.

-- 
Maxime Ripard, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] Add package linux-pam

[Thomas Petazzoni]

Le Fri, 10 Aug 2012 22:50:26 -0400,
Dmitry <golubovsky@gmail.com> a ?crit :

> Signed-off-by: Dmitry <golubovsky@gmail.com>
> ---
>  package/Config.in                                 |    1 +
>  package/linux-pam/Config.in                       |   15 +++++++++
>  package/linux-pam/linux-pam-configure.patch       |   20 ++++++++++++
>  package/linux-pam/linux-pam-doc-makefile-am.patch |   33 +++++++++++++++++++++
>  package/linux-pam/linux-pam-group.patch           |   26 ++++++++++++++++
>  package/linux-pam/linux-pam-rhosts.patch          |   24 +++++++++++++++
>  package/linux-pam/linux-pam-succeed.patch         |   31 +++++++++++++++++++
>  package/linux-pam/linux-pam-time.patch            |   26 ++++++++++++++++
>  package/linux-pam/linux-pam.mk                    |   27 +++++++++++++++++
>  9 files changed, 203 insertions(+), 0 deletions(-)

Applied to next, thanks.

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] Add package linux-pam

[Dmitry Golubovsky]

Thomas,

On Fri, Aug 10, 2012 at 4:04 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:

> Try this instead:
>
> ifeq ($(BR2_PACKAGE_LIBINTL),y)
> LINUX_PAM_MAKE_OPT += LIBS=-lintl
> endif

Thanks, this works.

Patch resubmitted.

-- 
Dmitry Golubovsky

Anywhere on the Web

[Buildroot] [PATCH] Add package linux-pam

[Dmitry]

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 package/Config.in                                 |    1 +
 package/linux-pam/Config.in                       |   15 +++++++++
 package/linux-pam/linux-pam-configure.patch       |   20 ++++++++++++
 package/linux-pam/linux-pam-doc-makefile-am.patch |   33 +++++++++++++++++++++
 package/linux-pam/linux-pam-group.patch           |   26 ++++++++++++++++
 package/linux-pam/linux-pam-rhosts.patch          |   24 +++++++++++++++
 package/linux-pam/linux-pam-succeed.patch         |   31 +++++++++++++++++++
 package/linux-pam/linux-pam-time.patch            |   26 ++++++++++++++++
 package/linux-pam/linux-pam.mk                    |   27 +++++++++++++++++
 9 files changed, 203 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/Config.in
 create mode 100644 package/linux-pam/linux-pam-configure.patch
 create mode 100644 package/linux-pam/linux-pam-doc-makefile-am.patch
 create mode 100644 package/linux-pam/linux-pam-group.patch
 create mode 100644 package/linux-pam/linux-pam-rhosts.patch
 create mode 100644 package/linux-pam/linux-pam-succeed.patch
 create mode 100644 package/linux-pam/linux-pam-time.patch
 create mode 100644 package/linux-pam/linux-pam.mk

diff --git a/package/Config.in b/package/Config.in
index f308de7..28bca5f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -460,6 +460,7 @@ source "package/libnspr/Config.in"
 source "package/libsigc/Config.in"
 source "package/libtpl/Config.in"
 source "package/liburcu/Config.in"
+source "package/linux-pam/Config.in"
 source "package/lttng-libust/Config.in"
 source "package/orc/Config.in"
 source "package/poco/Config.in"
diff --git a/package/linux-pam/Config.in b/package/linux-pam/Config.in
new file mode 100644
index 0000000..722b875
--- /dev/null
+++ b/package/linux-pam/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_LINUX_PAM
+	bool "linux-pam"
+	select BR2_PACKAGE_LIBINTL if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_FLEX
+	select BR2_PACKAGE_FLEX_LIBFL
+	depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+	help
+	  A Security Framework that Provides Authentication for Applications
+
+	  http://linux-pam.org
+
+comment "linux-pam requires a toolchain with WCHAR and locale support"
+	depends on !(BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+
diff --git a/package/linux-pam/linux-pam-configure.patch b/package/linux-pam/linux-pam-configure.patch
new file mode 100644
index 0000000..0b2326b
--- /dev/null
+++ b/package/linux-pam/linux-pam-configure.patch
@@ -0,0 +1,20 @@
+Add check for ruserok
+
+ruserok is not available/functional in uclibc, provide conditions for compilation
+where needed.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/configure.in
+============================================================================
+--- linux-pam-1.1.4/configure.in	2011-06-24 06:46:33.000000000 -0400
++++ linux-pam-1.1.4/configure.in	2012-08-09 21:14:11.000000000 -0400
+@@ -522,7 +522,7 @@
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af ruserok)
+ 
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/package/linux-pam/linux-pam-doc-makefile-am.patch b/package/linux-pam/linux-pam-doc-makefile-am.patch
new file mode 100644
index 0000000..f08d349
--- /dev/null
+++ b/package/linux-pam/linux-pam-doc-makefile-am.patch
@@ -0,0 +1,33 @@
+Disable generation of documentation
+
+Generation of documentation is not necessary in Buildroot, disable it completely.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/doc/Makefile.am
+============================================================================
+--- linux-pam-1.1.4/doc/Makefile.am	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/doc/Makefile.am	2012-08-09 05:59:23.000000000 -0400
+@@ -2,8 +2,6 @@
+ # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+ #
+ 
+-SUBDIRS = man specs sag adg mwg
+-
+ CLEANFILES = *~
+ 
+ dist_html_DATA = index.html
+@@ -11,12 +9,4 @@
+ #######################################################
+ 
+ releasedocs: all
+-	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs
+-	cp -av specs/draft-morgan-pam-current.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	cp -av $(srcdir)/specs/rfc86.0.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	make -C sag releasedocs
+-	make -C adg releasedocs
+-	make -C mwg releasedocs
+-	
++	/bin/true
diff --git a/package/linux-pam/linux-pam-group.patch b/package/linux-pam/linux-pam-group.patch
new file mode 100644
index 0000000..a94cf9e
--- /dev/null
+++ b/package/linux-pam/linux-pam-group.patch
@@ -0,0 +1,26 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_group/pam_group.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_group/pam_group.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_group/pam_group.c	2012-08-09 21:35:06.000000000 -0400
+@@ -655,8 +655,14 @@
+ 	    continue;
+ 	}
+ 	/* If buffer starts with @, we are using netgroups */
+-	if (buffer[0] == '@')
++	if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	  good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	  good = 0;
++	  pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
++#endif  /* HAVE_INNETGR */
++	}
+ 	/* otherwise, if the buffer starts with %, it's a UNIX group */
+ 	else if (buffer[0] == '%')
+           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
diff --git a/package/linux-pam/linux-pam-rhosts.patch b/package/linux-pam/linux-pam-rhosts.patch
new file mode 100644
index 0000000..58f9adb
--- /dev/null
+++ b/package/linux-pam/linux-pam-rhosts.patch
@@ -0,0 +1,24 @@
+Conditionally compile per ruserok availability
+
+ruserok is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2012-08-09 21:19:34.000000000 -0400
+@@ -114,8 +114,12 @@
+ #ifdef HAVE_RUSEROK_AF
+     retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+ #else
++  #ifdef HAVE_RUSEROK
+     retval = ruserok (rhost, as_root, ruser, luser);
+-#endif
++  #else
++    retval = -1;
++  #endif  /* HAVE_RUSEROK */
++#endif  /*HAVE_RUSEROK_AF */
+     if (retval != 0) {
+       if (!opt_silent || opt_debug)
+ 	pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
diff --git a/package/linux-pam/linux-pam-succeed.patch b/package/linux-pam/linux-pam-succeed.patch
new file mode 100644
index 0000000..8a675ef
--- /dev/null
+++ b/package/linux-pam/linux-pam-succeed.patch
@@ -0,0 +1,31 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2012-08-09 21:05:02.000000000 -0400
+@@ -233,16 +233,20 @@
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 1)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 0)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ 
diff --git a/package/linux-pam/linux-pam-time.patch b/package/linux-pam/linux-pam-time.patch
new file mode 100644
index 0000000..58d7c9f
--- /dev/null
+++ b/package/linux-pam/linux-pam-time.patch
@@ -0,0 +1,26 @@
+Conditionally compile per innetgr availability
+
+innetgr is not available/functional in uclibc, provide conditions for compilation.
+
+Signed-off-by: Dmitry Golubovsky <golubovsky@gmail.com>
+
+Index: linux-pam-1.1.4/modules/pam_time/pam_time.c
+============================================================================
+--- linux-pam-1.1.4/modules/pam_time/pam_time.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_time/pam_time.c	2012-08-09 21:02:29.000000000 -0400
+@@ -554,8 +554,14 @@
+ 	       continue;
+ 	  }
+ 	  /* If buffer starts with @, we are using netgroups */
+-	  if (buffer[0] == '@')
++	  if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	    good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	    good = 0;
++	    pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
++#endif /* HAVE_INNETGR */
++	  }
+ 	  else
+ 	    good &= logic_field(pamh, user, buffer, count, is_same);
+ 	  D(("with user: %s", good ? "passes":"fails" ));
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
new file mode 100644
index 0000000..55448a8
--- /dev/null
+++ b/package/linux-pam/linux-pam.mk
@@ -0,0 +1,27 @@
+############################################
+#
+# linux-pam
+# 
+############################################
+
+LINUX_PAM_VERSION = 1.1.4
+LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
+LINUX_PAM_SITE = http://linux-pam.org/library/
+LINUX_PAM_INSTALL_STAGING = YES
+LINUX_PAM_CONF_OPT = \
+	--disable-prelude \
+	--disable-isadir \
+	--disable-nis \
+	--disable-regenerate-docu \
+	--enable-securedir=/lib/security \
+	--libdir=/lib
+LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext libintl) flex
+LINUX_PAM_AUTORECONF = YES
+LINUX_PAM_LICENSE = BSD
+LINUX_PAM_LICENSE_FILES = Copyright
+
+ifeq ($(BR2_PACKAGE_LIBINTL),y)
+	LINUX_PAM_MAKE_OPT += LIBS=-lintl
+endif
+
+$(eval $(autotools-package))
-- 
1.7.2.5

[Buildroot] [PATCH] Add package linux-pam

[Thomas Petazzoni]

Le Fri, 10 Aug 2012 06:30:49 -0400,
Dmitry Golubovsky <golubovsky@gmail.com> a ?crit :

> > This line is not needed, please remove.
> 
> I removed it. However it is still there in few places:
> 
> $ grep -rl "INSTALL_TARGET = YES" package/
> package/libglib2/libglib2.mk
> package/libgtk2/libgtk2.mk

Patches welcome :-)

> And surely install to target is needed for PAM (security modules)

Installation to target is enabled by default. From
package/pkg-generic.mk:

$(2)_INSTALL_STAGING            ?= NO
$(2)_INSTALL_IMAGES             ?= NO
$(2)_INSTALL_TARGET             ?= YES

> > Instead of overriding LINUX_PAM_BUILD_CMDS, I would recommend using:
> >
> > LINUX_PAM_CONF_ENV += \
> >         CC="$(TARGET_CC) -lintl -lfl"
> 
> This gives me configure error "compiler cannot create executables" so
> I left this unchanged.

Try this instead:

ifeq ($(BR2_PACKAGE_LIBINTL),y)
LINUX_PAM_MAKE_OPT += LIBS=-lintl
endif

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] Add package linux-pam

[Dmitry Golubovsky]

Thomas,

On Fri, Aug 10, 2012 at 3:41 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:

>
> Each of your patches should contain a header with a description +
> Signed-off-by line. See
> package/libfcgi/libfcgi-link-against-libfcgi-la.patch for example.
>

Added.

>
> This line is not needed, please remove.
>

I removed it. However it is still there in few places:

$ grep -rl "INSTALL_TARGET = YES" package/
package/libglib2/libglib2.mk
package/libgtk2/libgtk2.mk

And surely install to target is needed for PAM (security modules)

>
> We generally format this in a different way:
>
> LINUX_PAM_CONF_OPT = \
>         --disable-prelude \
>         --disable-isadir  \
>         --disable-nis     \
>         --disable-regenerate-docu \
>         --enable-securedir=/lib/security \
>         --libdir=/lib

Fixed.

> I think libintl should be part of the $(if
> $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) conditional: when building with
> a glibc toolchain, BR2_NEEDS_GETTEXT_IF_LOCALE will be false, because
> glibc has a builtin version of libintl.

Fixed.


>
> Instead of overriding LINUX_PAM_BUILD_CMDS, I would recommend using:
>
> LINUX_PAM_CONF_ENV += \
>         CC="$(TARGET_CC) -lintl -lfl"

This gives me configure error "compiler cannot create executables" so
I left this unchanged.

Thanks.

--
Dmitry Golubovsky

Anywhere on the Web


-- 
Dmitry Golubovsky

Anywhere on the Web

[Buildroot] [PATCH] Add package linux-pam

[Thomas Petazzoni]

Hello Dmitry,

Le Thu,  9 Aug 2012 23:32:55 -0400,
Dmitry <golubovsky@gmail.com> a ?crit :

> Signed-off-by: Dmitry <golubovsky@gmail.com>
> ---

Thanks, this looks good! A few comments below.

>  package/Config.in                                 |    1 +
>  package/linux-pam/Config.in                       |   15 ++++++++++++
>  package/linux-pam/linux-pam-configure.patch       |   11 +++++++++
>  package/linux-pam/linux-pam-doc-makefile-am.patch |   25 +++++++++++++++++++++
>  package/linux-pam/linux-pam-group.patch           |   18 +++++++++++++++
>  package/linux-pam/linux-pam-rhosts.patch          |   16 +++++++++++++
>  package/linux-pam/linux-pam-succeed.patch         |   23 +++++++++++++++++++
>  package/linux-pam/linux-pam-time.patch            |   18 +++++++++++++++

Each of your patches should contain a header with a description +
Signed-off-by line. See
package/libfcgi/libfcgi-link-against-libfcgi-la.patch for example.

> +++ b/package/linux-pam/linux-pam.mk
> @@ -0,0 +1,21 @@
> +############################################
> +#
> +# linux-pam
> +# 
> +############################################
> +
> +LINUX_PAM_VERSION = 1.1.4
> +LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
> +LINUX_PAM_SITE = http://linux-pam.org/library/
> +LINUX_PAM_INSTALL_STAGING = YES
> +LINUX_PAM_INSTALL_TARGET = YES

This line is not needed, please remove.

> +LINUX_PAM_CONF_OPT = --disable-prelude --disable-isadir --disable-nis --disable-regenerate-docu
> +LINUX_PAM_CONF_OPT += --enable-securedir=/lib/security --libdir=/lib

We generally format this in a different way:

LINUX_PAM_CONF_OPT = \
	--disable-prelude \
	--disable-isadir  \
	--disable-nis     \
	--disable-regenerate-docu \
	--enable-securedir=/lib/security \
	--libdir=/lib

> +LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) libintl flex

I think libintl should be part of the $(if
$(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) conditional: when building with
a glibc toolchain, BR2_NEEDS_GETTEXT_IF_LOCALE will be false, because
glibc has a builtin version of libintl.

> +LINUX_PAM_AUTORECONF = YES
> +
> +define LINUX_PAM_BUILD_CMDS
> +	$(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
> +endef

Instead of overriding LINUX_PAM_BUILD_CMDS, I would recommend using:

LINUX_PAM_CONF_ENV += \
	CC="$(TARGET_CC) -lintl -lfl"

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] Add package linux-pam

[Dmitry]

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 package/Config.in                                 |    1 +
 package/linux-pam/Config.in                       |   15 ++++++++++++
 package/linux-pam/linux-pam-configure.patch       |   11 +++++++++
 package/linux-pam/linux-pam-doc-makefile-am.patch |   25 +++++++++++++++++++++
 package/linux-pam/linux-pam-group.patch           |   18 +++++++++++++++
 package/linux-pam/linux-pam-rhosts.patch          |   16 +++++++++++++
 package/linux-pam/linux-pam-succeed.patch         |   23 +++++++++++++++++++
 package/linux-pam/linux-pam-time.patch            |   18 +++++++++++++++
 package/linux-pam/linux-pam.mk                    |   21 +++++++++++++++++
 9 files changed, 148 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/Config.in
 create mode 100644 package/linux-pam/linux-pam-configure.patch
 create mode 100644 package/linux-pam/linux-pam-doc-makefile-am.patch
 create mode 100644 package/linux-pam/linux-pam-group.patch
 create mode 100644 package/linux-pam/linux-pam-rhosts.patch
 create mode 100644 package/linux-pam/linux-pam-succeed.patch
 create mode 100644 package/linux-pam/linux-pam-time.patch
 create mode 100644 package/linux-pam/linux-pam.mk

diff --git a/package/Config.in b/package/Config.in
index f308de7..28bca5f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -460,6 +460,7 @@ source "package/libnspr/Config.in"
 source "package/libsigc/Config.in"
 source "package/libtpl/Config.in"
 source "package/liburcu/Config.in"
+source "package/linux-pam/Config.in"
 source "package/lttng-libust/Config.in"
 source "package/orc/Config.in"
 source "package/poco/Config.in"
diff --git a/package/linux-pam/Config.in b/package/linux-pam/Config.in
new file mode 100644
index 0000000..722b875
--- /dev/null
+++ b/package/linux-pam/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_LINUX_PAM
+	bool "linux-pam"
+	select BR2_PACKAGE_LIBINTL if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
+	select BR2_PACKAGE_FLEX
+	select BR2_PACKAGE_FLEX_LIBFL
+	depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+	help
+	  A Security Framework that Provides Authentication for Applications
+
+	  http://linux-pam.org
+
+comment "linux-pam requires a toolchain with WCHAR and locale support"
+	depends on !(BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+
diff --git a/package/linux-pam/linux-pam-configure.patch b/package/linux-pam/linux-pam-configure.patch
new file mode 100644
index 0000000..26b3d4e
--- /dev/null
+++ b/package/linux-pam/linux-pam-configure.patch
@@ -0,0 +1,11 @@
+--- linux-pam-1.1.4/configure.in	2011-06-24 06:46:33.000000000 -0400
++++ linux-pam-1.1.4/configure.in	2012-08-09 21:14:11.000000000 -0400
+@@ -522,7 +522,7 @@
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af ruserok)
+ 
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/package/linux-pam/linux-pam-doc-makefile-am.patch b/package/linux-pam/linux-pam-doc-makefile-am.patch
new file mode 100644
index 0000000..b0f367a
--- /dev/null
+++ b/package/linux-pam/linux-pam-doc-makefile-am.patch
@@ -0,0 +1,25 @@
+--- linux-pam-1.1.4/doc/Makefile.am	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/doc/Makefile.am	2012-08-09 05:59:23.000000000 -0400
+@@ -2,8 +2,6 @@
+ # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+ #
+ 
+-SUBDIRS = man specs sag adg mwg
+-
+ CLEANFILES = *~
+ 
+ dist_html_DATA = index.html
+@@ -11,12 +9,4 @@
+ #######################################################
+ 
+ releasedocs: all
+-	$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs
+-	cp -av specs/draft-morgan-pam-current.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	cp -av $(srcdir)/specs/rfc86.0.txt \
+-		$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
+-	make -C sag releasedocs
+-	make -C adg releasedocs
+-	make -C mwg releasedocs
+-	
++	/bin/true
diff --git a/package/linux-pam/linux-pam-group.patch b/package/linux-pam/linux-pam-group.patch
new file mode 100644
index 0000000..8d57adc
--- /dev/null
+++ b/package/linux-pam/linux-pam-group.patch
@@ -0,0 +1,18 @@
+--- linux-pam-1.1.4/modules/pam_group/pam_group.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_group/pam_group.c	2012-08-09 21:35:06.000000000 -0400
+@@ -655,8 +655,14 @@
+ 	    continue;
+ 	}
+ 	/* If buffer starts with @, we are using netgroups */
+-	if (buffer[0] == '@')
++	if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	  good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	  good = 0;
++	  pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
++#endif  /* HAVE_INNETGR */
++	}
+ 	/* otherwise, if the buffer starts with %, it's a UNIX group */
+ 	else if (buffer[0] == '%')
+           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
diff --git a/package/linux-pam/linux-pam-rhosts.patch b/package/linux-pam/linux-pam-rhosts.patch
new file mode 100644
index 0000000..fbe633f
--- /dev/null
+++ b/package/linux-pam/linux-pam-rhosts.patch
@@ -0,0 +1,16 @@
+--- linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_rhosts/pam_rhosts.c	2012-08-09 21:19:34.000000000 -0400
+@@ -114,8 +114,12 @@
+ #ifdef HAVE_RUSEROK_AF
+     retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+ #else
++  #ifdef HAVE_RUSEROK
+     retval = ruserok (rhost, as_root, ruser, luser);
+-#endif
++  #else
++    retval = -1;
++  #endif  /* HAVE_RUSEROK */
++#endif  /*HAVE_RUSEROK_AF */
+     if (retval != 0) {
+       if (!opt_silent || opt_debug)
+ 	pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
diff --git a/package/linux-pam/linux-pam-succeed.patch b/package/linux-pam/linux-pam-succeed.patch
new file mode 100644
index 0000000..5a49f46
--- /dev/null
+++ b/package/linux-pam/linux-pam-succeed.patch
@@ -0,0 +1,23 @@
+--- linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_succeed_if/pam_succeed_if.c	2012-08-09 21:05:02.000000000 -0400
+@@ -233,16 +233,20 @@
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 1)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+ evaluate_notinnetgr(const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 0)
+ 		return PAM_SUCCESS;
++#endif /* HAVE_INNETGR */
+ 	return PAM_AUTH_ERR;
+ }
+ 
diff --git a/package/linux-pam/linux-pam-time.patch b/package/linux-pam/linux-pam-time.patch
new file mode 100644
index 0000000..463ec3d
--- /dev/null
+++ b/package/linux-pam/linux-pam-time.patch
@@ -0,0 +1,18 @@
+--- linux-pam-1.1.4/modules/pam_time/pam_time.c	2011-06-21 05:04:56.000000000 -0400
++++ linux-pam-1.1.4/modules/pam_time/pam_time.c	2012-08-09 21:02:29.000000000 -0400
+@@ -554,8 +554,14 @@
+ 	       continue;
+ 	  }
+ 	  /* If buffer starts with @, we are using netgroups */
+-	  if (buffer[0] == '@')
++	  if (buffer[0] == '@') {
++#ifdef HAVE_INNETGR
+ 	    good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	    good = 0;
++	    pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
++#endif /* HAVE_INNETGR */
++	  }
+ 	  else
+ 	    good &= logic_field(pamh, user, buffer, count, is_same);
+ 	  D(("with user: %s", good ? "passes":"fails" ));
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
new file mode 100644
index 0000000..1b98d0a
--- /dev/null
+++ b/package/linux-pam/linux-pam.mk
@@ -0,0 +1,21 @@
+############################################
+#
+# linux-pam
+# 
+############################################
+
+LINUX_PAM_VERSION = 1.1.4
+LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
+LINUX_PAM_SITE = http://linux-pam.org/library/
+LINUX_PAM_INSTALL_STAGING = YES
+LINUX_PAM_INSTALL_TARGET = YES
+LINUX_PAM_CONF_OPT = --disable-prelude --disable-isadir --disable-nis --disable-regenerate-docu
+LINUX_PAM_CONF_OPT += --enable-securedir=/lib/security --libdir=/lib
+LINUX_PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) libintl flex
+LINUX_PAM_AUTORECONF = YES
+
+define LINUX_PAM_BUILD_CMDS
+	$(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
+endef
+
+$(eval $(autotools-package))
-- 
1.7.2.5

[Buildroot] [PATCH] Add package linux-pam

[Dmitry]

1. Add the linux-pam package building instructions
2. If the linux-pam package is selected, make sure it builds before
   busybox just in case busybox is configured with PAM support
   (make linux-pam a dependency of busybox)

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 package/Config.in              |    1 +
 package/busybox/busybox.mk     |    3 +++
 package/linux-pam/Config.in    |   13 +++++++++++++
 package/linux-pam/linux-pam.mk |   37 +++++++++++++++++++++++++++++++++++++
 4 files changed, 54 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/Config.in
 create mode 100644 package/linux-pam/linux-pam.mk

diff --git a/package/Config.in b/package/Config.in
index 6aabb8e..4bbb293 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -660,6 +660,7 @@ source "package/bootutils/Config.in"
 endif
 source "package/htop/Config.in"
 source "package/kmod/Config.in"
+source "package/linux-pam/Config.in"
 if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 source "package/module-init-tools/Config.in"
 endif
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index 394a1ae..4a1de33 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -11,6 +11,9 @@ else
 BUSYBOX_VERSION = $(call qstrip,$(BR2_BUSYBOX_VERSION))
 BUSYBOX_SITE = http://www.busybox.net/downloads
 endif
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+BUSYBOX_DEPENDENCIES += linux-pam
+endif
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_BUILD_CONFIG = $(BUSYBOX_DIR)/.config
 # Allows the build system to tweak CFLAGS
diff --git a/package/linux-pam/Config.in b/package/linux-pam/Config.in
new file mode 100644
index 0000000..1e3d080
--- /dev/null
+++ b/package/linux-pam/Config.in
@@ -0,0 +1,13 @@
+config BR2_PACKAGE_LINUX_PAM
+	bool "linux-pam"
+	select BR2_PACKAGE_LIBINTL
+	select BR2_PACKAGE_GETTEXT
+	select BR2_PACKAGE_FLEX
+	select BR2_PACKAGE_FLEX_LIBFL
+	depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+	help
+	   A Security Framework that Provides Authentication for Applications
+
+comment "linux-pam requires a toolchain with WCHAR and locale support"
+	depends on !(BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
+
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
new file mode 100644
index 0000000..5024033
--- /dev/null
+++ b/package/linux-pam/linux-pam.mk
@@ -0,0 +1,37 @@
+############################################
+#
+# linux-pam
+# 
+############################################
+
+LINUX_PAM_VERSION = 1.1.4
+LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
+LINUX_PAM_SITE = http://linux-pam.org/library/
+LINUX_PAM_INSTALL_STAGING = YES
+LINUX_PAM_INSTALL_TARGET = YES
+LINUX_PAM_CONF_OPT = --disable-prelude --disable-isadir --disable-nis --disable-regenerate-docu
+LINUX_PAM_CONF_OPT += --enable-securedir=/lib/security --libdir=/lib
+LINUX_PAM_DEPENDENCIES = gettext libintl flex
+LINUX_PAM_LICENSE = BSD
+LINUX_PAM_LICENSE_FILES = COPYING
+
+define LINUX_PAM_BUILD_CMDS
+	$(MAKE) CC="$(TARGET_CC) -lintl -lfl" LD="$(TARGET_LD)" -C $(@D) all
+endef
+
+define LINUX_PAM_DISABLE_INNETGR
+	echo >>$(@D)/config.h
+	echo "#undef HAVE_RUSEROK">>$(@D)/config.h
+	echo "#define HAVE_RUSEROK_AF">>$(@D)/config.h
+	echo "#define ruserok_af(a, b, c, d, e) (-1)" >>$(@D)/config.h
+	echo "#undef innetgr">>$(@D)/config.h
+	echo "#define innetgr(a, b, c, d) 0" >>$(@D)/config.h
+	echo "all:" >$(@D)/doc/Makefile
+	echo "" >>$(@D)/doc/Makefile
+	echo "install:" >>$(@D)/doc/Makefile
+	echo "" >>$(@D)/doc/Makefile
+endef
+
+LINUX_PAM_POST_CONFIGURE_HOOKS += LINUX_PAM_DISABLE_INNETGR
+
+$(eval $(autotools-package))
-- 
1.7.2.5