PAM support updates: change the dependency back to sys-libs/pam but ask for at least version 0.99 (so that we know we have the proper pam_tally, and we can drop some conditionals), OpenPAM wouldn't work for shadow for now. Simplify the pam.d installation, without using the for loop and case statement. Use the 'epam syntax' for the selinux conditional. Update the options passed to pam_tally so that they don't throw warnings when used with Linux-PAM 0.99.

(Portage version: 2.1.3.17)
author: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-11-04 15:12:29 +0000
committer: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-11-04 15:12:29 +0000
commit: faf70454434a2c5709b91bc9995fb44ede034ccd (patch)
tree: bb354968c369020a6d4c2166e6761363456d22d9 /sys-apps/shadow
parent: x86 stable, bug #197128 (diff)
download: gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.tar.gz
gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.tar.bz2
gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.zip
3 files changed, 59 insertions, 53 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index a0fac212edb5..b4d3f7023556 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.178 2007/11/04 04:17:13 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.179 2007/11/04 15:12:28 flameeyes Exp $
+
+  04 Nov 2007; Diego Pettenò <flameeyes@gentoo.org> +files/login.pamd.2,
+  shadow-4.0.18.2.ebuild:
+  PAM support updates: change the dependency back to sys-libs/pam but ask for
+  at least version 0.99 (so that we know we have the proper pam_tally, and we
+  can drop some conditionals), OpenPAM wouldn't work for shadow for now.
+  Simplify the pam.d installation, without using the for loop and case
+  statement. Use the 'epam syntax' for the selinux conditional. Update the
+  options passed to pam_tally so that they don't throw warnings when used with
+  Linux-PAM 0.99.
 
 *shadow-4.0.18.2 (04 Nov 2007)
 
diff --git a/sys-apps/shadow/files/login.pamd.2 b/sys-apps/shadow/files/login.pamd.2
new file mode 100644
index 000000000000..fdbdf1cda9b0
--- /dev/null
+++ b/sys-apps/shadow/files/login.pamd.2
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth       required	pam_securetty.so
+auth       required	pam_tally.so file=/var/log/faillog onerr=succeed
+auth       required	pam_shells.so
+auth       required	pam_nologin.so
+auth       include	system-auth
+
+account    required	pam_access.so
+account    include	system-auth
+account    required	pam_tally.so file=/var/log/faillog onerr=succeed
+
+password   include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so close should be the first session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so close
+#%EPAM-Use-Flag:selinux%#
+session    required	pam_env.so
+session    optional	pam_lastlog.so
+session    optional	pam_motd.so motd=/etc/motd
+session    optional	pam_mail.so
+
+session    include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so open should be the last session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so multiple open
+#%EPAM-Use-Flag:selinux%#
diff --git a/sys-apps/shadow/shadow-4.0.18.2.ebuild b/sys-apps/shadow/shadow-4.0.18.2.ebuild
index 390c57f8de05..84a97178ce2b 100644
--- a/sys-apps/shadow/shadow-4.0.18.2.ebuild
+++ b/sys-apps/shadow/shadow-4.0.18.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.18.2.ebuild,v 1.1 2007/11/04 04:17:13 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.18.2.ebuild,v 1.2 2007/11/04 15:12:28 flameeyes Exp $
 
 inherit eutils libtool toolchain-funcs autotools pam
 
@@ -14,7 +14,7 @@ SLOT="0"
 IUSE="nls pam selinux skey nousuid cracklib"
 
 RDEPEND="cracklib? ( >=sys-libs/cracklib-2.7-r3 )
-	pam? ( virtual/pam )
+	pam? ( >=sys-libs/pam-0.99 )
 	!sys-apps/pam-login
 	!app-admin/nologin
 	skey? ( app-admin/skey )
@@ -95,20 +95,16 @@ src_install() {
 	if ! use pam ; then
 		insopts -m0600
 		doins etc/login.access etc/limits
-	else
-		newpamd "${FILESDIR}/login.pamd.1" login
-		use selinux || sed -i -e '/@selinux@/d' "${D}"/etc/pam.d/login
-		use selinux && sed -i -e 's:@selinux@::g' "${D}"/etc/pam.d/login
 	fi
 	# Output arch-specific cruft
 	case $(tc-arch) in
 		ppc*)  echo "hvc0" >> "${D}"/etc/securetty
-		       echo "hvsi0" >> "${D}"/etc/securetty
-		       echo "ttyPSC0" >> "${D}"/etc/securetty;;
+			   echo "hvsi0" >> "${D}"/etc/securetty
+			   echo "ttyPSC0" >> "${D}"/etc/securetty;;
 		hppa)  echo "ttyB0" >> "${D}"/etc/securetty;;
 		arm)   echo "ttyFB0" >> "${D}"/etc/securetty;;
 		sh)    echo "ttySC0" >> "${D}"/etc/securetty
-		       echo "ttySC1" >> "${D}"/etc/securetty;;
+			   echo "ttySC1" >> "${D}"/etc/securetty;;
 	esac
 
 	# needed for 'adduser -D'
@@ -120,62 +116,33 @@ src_install() {
 	mv "${D}"/usr/bin/passwd "${D}"/bin/
 	dosym /bin/passwd /usr/bin/passwd
 
+	cd "${S}"
+	insinto /etc
+	insopts -m0644
+	newins etc/login.defs login.defs
+
 	if use pam ; then
-		local INSTALL_SYSTEM_PAMD="yes"
-
-		# Do not install below pam.d files if we have pam-0.78 or later
-		has_version '>=sys-libs/pam-0.78' && \
-			INSTALL_SYSTEM_PAMD="no"
-
-		for x in "${FILESDIR}"/pam.d-include/*; do
-			case "${x##*/}" in
-				"login")
-					# We do no longer install this one, as its from
-					# pam-login now.
-					;;
-				"system-auth"|"system-auth-1.1"|"other")
-					# These we only install if we do not have pam-0.78
-					# or later.
-					[ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \
-						dopamd ${x}
-					;;
-				"su")
-					# Disable support for pam_env and pam_wheel on openpam
-					has_version sys-libs/pam && dopamd ${x}
-					;;
-				"su-openpam")
-					has_version sys-libs/openpam && newpamd ${x} su
-					;;
-				*)
-					[ -f ${x} ] && dopamd ${x}
-					;;
-			esac
-		done
+		dopamd "${FILESDIR}/pam.d-include/"{su,passwd,shadow}
+
+		newpamd "${FILESDIR}/login.pamd.2" login
+
 		for x in chage chsh chfn chpasswd newusers \
 				 user{add,del,mod} group{add,del,mod} ; do
 			newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
 		done
 
+		# comment out login.defs options that pam hates
+		gawk -f "${FILESDIR}"/login_defs.awk \
+			lib/getdef.c etc/login.defs \
+			> "${D}"/etc/login.defs
+
 		# remove manpages that pam will install for us
 		# and/or don't apply when using pam
-
 		find "${D}"/usr/share/man \
 			'(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
 			-exec rm {} \;
 	fi
 
-	cd "${S}"
-	insinto /etc
-	insopts -m0644
-	newins etc/login.defs login.defs
-
-	# comment out options that pam hates
-	if use pam ; then
-		awk -f "${FILESDIR}"/login_defs.awk \
-			lib/getdef.c etc/login.defs \
-			> "${D}"/etc/login.defs
-	fi
-
 	# Remove manpages that are handled by other packages
 	find "${D}"/usr/share/man \
 		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
@@ -191,6 +158,8 @@ src_install() {
 pkg_preinst() {
 	rm -f "${ROOT}"/etc/pam.d/system-auth.new \
 		"${ROOT}/etc/login.defs.new"
+
+	use pam && pam_epam_expand "${D}"/etc/pam.d/login
 }
 
 pkg_postinst() {
author	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-11-04 15:12:29 +0000
committer	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-11-04 15:12:29 +0000
commit	faf70454434a2c5709b91bc9995fb44ede034ccd (patch)
tree	bb354968c369020a6d4c2166e6761363456d22d9 /sys-apps/shadow
parent	x86 stable, bug #197128 (diff)
download	gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.tar.gz gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.tar.bz2 gentoo-2-faf70454434a2c5709b91bc9995fb44ede034ccd.zip