Subject: pkg/20892: improvements for security/PAM
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 03/25/2003 16:35:14
>Number: 20892
>Category: pkg
>Synopsis: improvements for security/PAM
>Confidential: yes
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Mar 25 16:36:01 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:
>Release: NetBSD 1.6
>Organization:
http://bsd.reedmedia.net/
>Environment:
System: NetBSD rainier.reedmedia.net 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/JCR-20020927 i386
Architecture: i386
Machine: i386
>Description:
Back in January, I built a linux-pam package. Then I realized that
security/PAM was based on the same source.
The diff below adds a few things:
- improved DESCRiption (and spelling fixed)
- more MASTER_SITES
- improved COMMENT
- variable for enabling --with-libcrack
- install limits.conf if under Linux
- make sure it doesn't have an interactive configuration
(maybe patch-ao does the same?)
Also, some things to look at, but not done with this diff:
- MESSAGE saying upgrading PAM may make system unusable
- maybe install more documentation
- make sure pam_radius is not built and installed
(if pwdb_db_name in -lpwdb)
- maybe install example code and examples
- some Linuxes may want to install to /lib?
- use EXTRACT_SUFX= .tar.bz2 for smaller download
- maybe use security/ instead of pam/ configuration directory
(standard under Linux, but maybe doesn't matter)
- make sure all patches work with Linux (it works for me)
- make sure patches are submitted to Linux-PAM developers
>How-To-Repeat:
>Fix:
The idea for mk/bsd.pkg.defaults.mk:
# Default: not defined
+USE_LIBCRACK?= YES
+# Used in PAM and shadow (for Linux) to enable libcrack support.
+# Possible: YES, NO
+# Default: YES
+
USE_MMX?= NO
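Review bot: The new comment block says USE_LIBCRACK is "Used in PAM and shadow (for Linux)", but the patch that follows only touches security/PAM. Either drop the shadow reference or send the matching shadow change with it, so the documented scope of the knob matches what actually honours it. It is also worth stating here that the value is compared literally, since "Possible: YES, NO" does not tell a user that lowercase "yes" is treated as NO by the Makefile test.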
The following patch is for security/PAM:
Index: security/PAM/DESCR
===================================================================
RCS file: /cvsroot/pkgsrc/security/PAM/DESCR,v
retrieving revision 1.2
diff -b -u -r1.2 DESCR
--- security/PAM/DESCR 2002/01/29 17:10:10 1.2
+++ security/PAM/DESCR 2003/03/26 00:23:01
@@ -1,5 +1,13 @@
+PAM provides Pluggable Authentication Modules. It is a flexible,
+dynamically configurable mechanism for authenticating users.
+
PAM provides a way to develop programs that are independent of
authentication scheme. These programs need "authentication modules" to be
-attatched to them at run-time in order to work. Which authentication module
-is to be attatched is dependent upon the local system setup and is at the
+attached to them at run-time in order to work. Which authentication module
+is to be attached is dependent upon the local system setup and is at the
discretion of the local system administrator.
+
+This package includes the dynamic and static libpam libraries,
+developer files, and related programmer's man pages documenting
+the functions. Over 25 PAM modules are included. This is Linux-PAM;
+it works with Solaris, NetBSD, AIX, and other operating systems.
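Review bot: "Over 25 PAM modules are included" in the last added paragraph hard-codes a count that this same patch makes variable: pam_cracklib.so depends on USE_LIBCRACK and pam_limits.so on OPSYS. Suggest wording that does not need updating, for example "A collection of PAM modules is included", and keeping the platform list only if each platform is actually tested by the package.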
Index: security/PAM/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/PAM/Makefile,v
retrieving revision 1.14
diff -b -u -r1.14 Makefile
--- security/PAM/Makefile 2003/02/09 16:16:56 1.14
+++ security/PAM/Makefile 2003/03/26 00:23:01
@@ -5,11 +5,13 @@
PKGNAME= PAM-0.77
CATEGORIES= security
MASTER_SITES= http://www.kernel.org/pub/linux/libs/pam/pre/library/ \
- ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/
+ ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/ \
+ http://www.de.kernel.org/pub/linux/libs/pam/pre/library/ \
+ ftp://ftp.jp.kernel.org/pub/linux/libs/pam/pre/library/
MAINTAINER= rh@netbsd.org
HOMEPAGE= http://www.kernel.org/pub/linux/libs/pam/
-COMMENT= Pluggable Authentication Modules
+COMMENT= Pluggable Authentication Modules (PAM)
USE_BUILDLINK2= yes
USE_PKGINSTALL= yes
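Review bot: The two mirrors added to MASTER_SITES are plain http and ftp, like the existing entries, so the recorded distfile checksum is the only thing protecting the download of an authentication library. The patch does not touch the checksum file, which is correct if the mirrors carry the identical tarball; please confirm a fetch from each new site verifies against the existing checksum before this goes in.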
@@ -30,6 +32,15 @@
.include "../../mk/bsd.prefs.mk"
+.if ${USE_LIBCRACK} == YES
+. include "../../security/libcrack/buildlink2.mk"
+CONFIGURE_ARGS+= --with-libcrack
+PLIST_SUBST+= USE_LIBCRACK=
+.else
+CONFIGURE_ARGS+= --without-libcrack
+PLIST_SUBST+= USE_LIBCRACK="@comment "
+.endif
+
.if defined(LDCONFIG) && !exists(${LDCONFIG})
LDCONFIG=
.endif
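Review bot: The test ".if ${USE_LIBCRACK} == YES" is an exact, case-sensitive match, so a user who sets USE_LIBCRACK=yes falls into the .else branch and silently gets --without-libcrack, which drops pam_cracklib.so and its password strength checking. It also fails to parse if the bsd.pkg.defaults.mk change is not applied and the variable is undefined. Suggest a pattern test such as ".if defined(USE_LIBCRACK) && !empty(USE_LIBCRACK:M[Yy][Ee][Ss])". Separately, "PLIST_SUBST+= USE_LIBCRACK=" reuses the user-facing variable name for the PLIST prefix; a distinct name (as done with PAM_LIMITS) would be less confusing.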
@@ -43,12 +54,24 @@
PKG_SYSCONFSUBDIR?= pam
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
-CFILES= access.conf pam_env.conf group.conf time.conf
-CONF_FILES= ${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf
+CFILES= access.conf pam_env.conf group.conf time.conf pam.conf
+
+.if ${OPSYS} == "Linux"
+CFILES+= limits.conf
+PLIST_SUBST+= PAM_LIMITS=
+.else
+PLIST_SUBST+= PAM_LIMITS="@comment "
+.endif
+
+CONF_FILES= # defined
.for FILE in ${CFILES}
CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
.endfor
+# this is so it won't try to interactively install any configs
+pre-build:
+ touch ${WRKSRC}/.quiet_install
+
post-install:
${INSTALL_DATA_DIR} ${EGDIR}
${INSTALL_DATA} ${WRKSRC}/conf/pam.conf ${EGDIR}
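Review bot: Moving pam.conf into CFILES changes where it is installed. The removed line registered it as "${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf", while the .for loop uses "${PKG_SYSCONFDIR}/${FILE}", and with PKG_SYSCONFSUBDIR set to pam that is a different directory. The description does not list this as an intended change, and a pam.conf that the library does not find changes which authentication policy is in effect. Suggest keeping the explicit PKG_SYSCONFBASE entry for pam.conf and initialising CONF_FILES with it instead of with an empty value. The pre-build target is fine in intent, but its comment should say which upstream install step reads .quiet_install.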
@@ -57,8 +80,11 @@
${EGDIR}/pam_env.conf
${INSTALL_DATA} ${WRKSRC}/modules/pam_group/group.conf ${EGDIR}
${INSTALL_DATA} ${WRKSRC}/modules/pam_time/time.conf ${EGDIR}
+.if ${OPSYS} == "Linux"
+ ${INSTALL_DATA} ${WRKSRC}/security/modules/pam_limits/limits.skel \
+ ${EGDIR}/limits.conf
+.endif
${INSTALL_DATA_DIR} ${DOCDIR}
.include "../../databases/db/buildlink2.mk"
-.include "../../security/libcrack/buildlink2.mk"
.include "../../mk/bsd.pkg.mk"
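Review bot: The source path in the added install line, "${WRKSRC}/security/modules/pam_limits/limits.skel", has a "security/" component that the neighbouring lines do not ("${WRKSRC}/modules/pam_group/group.conf", "${WRKSRC}/modules/pam_time/time.conf"). Unless the tarball really has that extra directory, post-install will fail on Linux; it looks like this should be "${WRKSRC}/modules/pam_limits/limits.skel". The removal of the unconditional libcrack buildlink2.mk include at the bottom is consistent with the conditional include added earlier.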
Index: security/PAM/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/PAM/PLIST,v
retrieving revision 1.4
diff -b -u -r1.4 PLIST
--- security/PAM/PLIST 2002/12/23 21:23:57 1.4
+++ security/PAM/PLIST 2003/03/26 00:23:01
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2002/12/23 21:23:57 jlam Exp $
+@comment $NetBSD$
include/security/_pam_aconf.h
include/security/_pam_compat.h
include/security/_pam_macros.h
@@ -11,17 +11,17 @@
lib/libpam.a
lib/libpam.so
lib/libpam.so.0
-lib/libpam.so.0.77
+lib/libpam.so.${PKGVERSION}
lib/libpam_misc.a
lib/libpam_misc.so
lib/libpam_misc.so.0
-lib/libpam_misc.so.0.77
+lib/libpam_misc.so.${PKGVERSION}
lib/libpamc.a
lib/libpamc.so
lib/libpamc.so.0
-lib/libpamc.so.0.77
+lib/libpamc.so.${PKGVERSION}
lib/security/pam_access.so
-lib/security/pam_cracklib.so
+${USE_LIBCRACK}lib/security/pam_cracklib.so
lib/security/pam_debug.so
lib/security/pam_deny.so
lib/security/pam_env.so
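Review bot: Replacing "lib/libpam.so.0.77" and the two sibling entries with "${PKGVERSION}" ties the shared library file names to the package version rather than to what the upstream build installs. PKGVERSION picks up any package revision suffix, so the first revision bump would make the PLIST name files that do not exist. Suggest keeping the literal 0.77 or introducing a dedicated variable for the upstream library version and substituting that.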
@@ -31,6 +31,7 @@
lib/security/pam_group.so
lib/security/pam_issue.so
lib/security/pam_lastlog.so
+${PAM_LIMITS}lib/security/pam_limits.so
lib/security/pam_listfile.so
lib/security/pam_mail.so
lib/security/pam_mkhomedir.so
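Review bot: "${PAM_LIMITS}lib/security/pam_limits.so" is listed only when OPSYS is Linux, but nothing in the Makefile hunks controls whether the module itself is built; only the limits.conf example is conditional there. Please confirm that the upstream build skips pam_limits on other platforms. If it is built anyway, the file would be installed without being registered in the PLIST and left behind on deinstall.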
@@ -70,6 +71,7 @@
sbin/unix_chkpwd
share/examples/${PKGBASE}/access.conf
share/examples/${PKGBASE}/group.conf
+${PAM_LIMITS}share/examples/${PKGBASE}/limits.conf
share/examples/${PKGBASE}/pam.conf
share/examples/${PKGBASE}/pam_env.conf
share/examples/${PKGBASE}/time.conf
>Release-Note:
>Audit-Trail:
>Unformatted: