* [PATCH 0/1] quagga: add pam support for vtysh
@ 2013-11-08  4:32 Hongxu Jia
  2013-11-08  4:32 ` [PATCH 1/1] " Hongxu Jia
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Hongxu Jia @ 2013-11-08  4:32 UTC (permalink / raw)
  To: openembedded-devel

Test Case:
1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
   quagga.

2. On target:
1) cat /etc/pam.d/guagga
#
# The PAM configuration file for the quagga `vtysh' service
#

# This allows root to change user infomation without being
# prompted for a password
auth		sufficient	pam_rootok.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth       include      common-auth

2) add option debug to pam_rootok.so
 auth	    sufficient	pam_rootok.so debug

3) pam_rootok.so
run command vtysh as root, enter qemu0#:
root@qemu0:~# vtysh 

Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

qemu0# 
The log in /var/log/message (or /var/log/auth.log) shows that pam_rootok.so returned success:
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded

4) pam_unix.so
The contents of common-auth are shown in the section "Common configure files".
Comment out the pam_rootok.so line in the quagga configuration file, because it will make PAM return success:
 #auth		sufficient	pam_rootok.so
and modify the pam_unix.so line in common-auth to remove nullok_secure:
 auth	[success=1 default=ignore]	pam_unix.so debug

5) run commands with invalid password:
root@qemu0:~# vtysh 
Password: 
root@qemu0:~# 
Log in /var/log/message (or /var/log/auth.log):
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root

//Hongxu


The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:

  dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam

Hongxu Jia (1):
  quagga: add pam support for vtysh

 meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
 meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam

-- 
1.8.1.2
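
The two auth-log lines in the test case above can be checked mechanically. As an added example (not part of the original message or the patch), this script extracts vtysh PAM results for the `quagga` service from a syslog-format log; the function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Sample input: the first two lines are the ones quoted in the test case,
# the last two are constructed (a vtysh tag with a PID, and an unrelated service).
sample_log() {
    cat <<'EOF'
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
2013-11-08T04:22:01.000000+00:00 qemu0 vtysh[733]: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
2013-11-08T04:23:15.000000+00:00 qemu0 sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admin
EOF
}

# vtysh_pam_events FILE
# Prints one line per vtysh PAM auth event: "<timestamp> <module> <result> <user>"
vtysh_pam_events() {
    awk '
    $3 ~ /^vtysh(\[[0-9]+\])?:$/ && $4 ~ /^pam_[a-z0-9_]+\(quagga:auth\):$/ {
        module = $4; sub(/\(.*/, "", module)
        msg = $0; sub(/^.*\(quagga:auth\): /, "", msg)
        result = "other"
        if (msg ~ /^root check succeeded/) result = "success"
        else if (msg ~ /^authentication failure/) result = "failure"
        user = "-"
        # pam_unix ends its failure message with " user=<account>"
        if (match(msg, / user=[^ ]+$/)) user = substr(msg, RSTART + 6, RLENGTH - 6)
        print $1, module, result, user
    }' "$1"
}

# vtysh_pam_count FILE RESULT
# Prints how many events have the given result (success, failure or other).
vtysh_pam_count() {
    vtysh_pam_events "$1" | awk -v r="$2" '$3 == r { n++ } END { print n + 0 }'
}

log=$(mktemp)
sample_log > "$log"
vtysh_pam_events "$log"
echo "passwordless root entries: $(vtysh_pam_count "$log" success)"
echo "failed password attempts:  $(vtysh_pam_count "$log" failure)"
rm -f "$log"
```

On a target, pass /var/log/auth.log (or whichever file syslog writes auth messages to) instead of the sample file.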




* [PATCH 1/1] quagga: add pam support for vtysh
  2013-11-08  4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia
@ 2013-11-08  4:32 ` Hongxu Jia
  2013-11-08  5:08   ` Rongqing Li
  2013-11-08  8:34 ` [PATCH 0/1] " Hongxu Jia
  2013-11-26 16:23 ` Joe MacDonald
  2 siblings, 1 reply; 6+ messages in thread
From: Hongxu Jia @ 2013-11-08  4:32 UTC (permalink / raw)
  To: openembedded-devel

According to DISTRO_FEATURES to add pam support for quagga, and import
configure file from Fedora.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
 meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam

diff --git a/meta-networking/recipes-protocols/quagga/files/quagga.pam b/meta-networking/recipes-protocols/quagga/files/quagga.pam
new file mode 100644
index 0000000..3541a97
--- /dev/null
+++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam
@@ -0,0 +1,13 @@
+#
+# The PAM configuration file for the quagga `vtysh' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+
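Review bot: The comment above `auth sufficient pam_rootok.so` says it lets root "change user infomation", which does not describe what the line does for the vtysh service (and "infomation" is misspelled); it reads as carried over from another service's file. Suggest rewording it to say that root can start vtysh without a password prompt, since with `sufficient` a pam_rootok success ends the auth stack before `common-auth` is consulted. Anyone auditing who gets a router shell without a password should find that stated in the file.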
diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index 2106c9b..52cd7a3 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -32,10 +32,12 @@ SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg
            file://watchquagga.init \
            file://watchquagga.default \
            file://volatiles.03_quagga \
+           file://file://quagga.pam \
            file://ripd-fix-two-bugs-after-received-SIGHUP.patch"
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
 PACKAGECONFIG[cap] = "--enable-capabilities,--disable-capabilities,libcap"
+PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam"
 
 inherit autotools update-rc.d useradd
 
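Review bot: In the SRC_URI addition the scheme is doubled, `file://file://quagga.pam`, so the entry does not name quagga.pam in the recipe's files directory; it should read `file://quagga.pam \`. Separately, `PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam"` has spaces after the commas where the `cap` entry directly above has none; dropping them keeps the two entries consistent.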
@@ -98,6 +100,15 @@ do_install () {
     # Remove generated info dir file, it doesn't belong in the generated
     # package.
     rm -f ${D}${infodir}/dir
+
+    # For PAM
+    for feature in ${DISTRO_FEATURES}; do
+        if [ "$feature" = "pam" ]; then
+            install -D -m 644 ${WORKDIR}/quagga.pam ${D}/${sysconfdir}/pam.d/quagga
+            break
+        fi
+    done
+
 }
 
 # Split into a main package and separate per-protocol packages
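Review bot: The install step added to do_install is keyed on DISTRO_FEATURES through a hand-written loop, while the configure switch added earlier in this patch is keyed on PACKAGECONFIG, and the two can disagree. PACKAGECONFIG is assigned with `??=`, so a configuration that overrides it can produce a build where /etc/pam.d/quagga is installed but vtysh is configured `--without-libpam`, or the reverse, with vtysh built against PAM and no service file installed. Suggest testing the same condition in both places, for example a single base_contains check on PACKAGECONFIG in place of the loop. Also, `${D}/${sysconfdir}` yields a doubled slash because sysconfdir is already absolute; `${D}${sysconfdir}` would match the `${D}${infodir}` line above.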
-- 
1.8.1.2




* Re: [PATCH 1/1] quagga: add pam support for vtysh
  2013-11-08  4:32 ` [PATCH 1/1] " Hongxu Jia
@ 2013-11-08  5:08   ` Rongqing Li
  2013-11-08  8:30     ` Hongxu Jia
  0 siblings, 1 reply; 6+ messages in thread
From: Rongqing Li @ 2013-11-08  5:08 UTC (permalink / raw)
  To: openembedded-devel



On 11/08/2013 12:32 PM, Hongxu Jia wrote:
> According to DISTRO_FEATURES to add pam support for quagga, and import
> configure file from Fedora.
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---
>   meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
>   meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
>   2 files changed, 25 insertions(+), 1 deletion(-)
>   create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
>
> diff --git a/meta-networking/recipes-protocols/quagga/files/quagga.pam b/meta-networking/recipes-protocols/quagga/files/quagga.pam
> new file mode 100644
> index 0000000..3541a97
> --- /dev/null
> +++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam
> @@ -0,0 +1,13 @@
> +#
> +# The PAM configuration file for the quagga `vtysh' service
> +#
> +
> +# This allows root to change user infomation without being
> +# prompted for a password
> +auth		sufficient	pam_rootok.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +
> diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
> index 2106c9b..52cd7a3 100644
> --- a/meta-networking/recipes-protocols/quagga/quagga.inc
> +++ b/meta-networking/recipes-protocols/quagga/quagga.inc
> @@ -32,10 +32,12 @@ SRC_URI = "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg
>              file://watchquagga.init \
>              file://watchquagga.default \
>              file://volatiles.03_quagga \
> +           file://file://quagga.pam \

Why are there two file://?

>              file://ripd-fix-two-bugs-after-received-SIGHUP.patch"
>
> -PACKAGECONFIG ??= ""
> +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
>   PACKAGECONFIG[cap] = "--enable-capabilities,--disable-capabilities,libcap"
> +PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam"
>
>   inherit autotools update-rc.d useradd
>
> @@ -98,6 +100,15 @@ do_install () {
>       # Remove generated info dir file, it doesn't belong in the generated
>       # package.
>       rm -f ${D}${infodir}/dir
> +
> +    # For PAM
> +    for feature in ${DISTRO_FEATURES}; do
> +        if [ "$feature" = "pam" ]; then
> +            install -D -m 644 ${WORKDIR}/quagga.pam ${D}/${sysconfdir}/pam.d/quagga
> +            break
> +        fi
> +    done
> +


Could you use the below method to simplify this loop

     if ${@base_contains('DISTRO_FEATURES','sysvinit','false','true',d)};then
     fi

-Roy

>   }
>
>   # Split into a main package and separate per-protocol packages
>

-- 
Best Regards,
Roy | RongQing Li



* Re: [PATCH 1/1] quagga: add pam support for vtysh
  2013-11-08  5:08   ` Rongqing Li
@ 2013-11-08  8:30     ` Hongxu Jia
  0 siblings, 0 replies; 6+ messages in thread
From: Hongxu Jia @ 2013-11-08  8:30 UTC (permalink / raw)
  To: Rongqing Li, openembedded-devel

On 11/08/2013 01:08 PM, Rongqing Li wrote:
>
>
> On 11/08/2013 12:32 PM, Hongxu Jia wrote:
>> According to DISTRO_FEATURES to add pam support for quagga, and import
>> configure file from Fedora.
>>
>> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
>> ---
>>   meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 
>> +++++++++++++
>>   meta-networking/recipes-protocols/quagga/quagga.inc       | 13 
>> ++++++++++++-
>>   2 files changed, 25 insertions(+), 1 deletion(-)
>>   create mode 100644 
>> meta-networking/recipes-protocols/quagga/files/quagga.pam
>>
>> diff --git 
>> a/meta-networking/recipes-protocols/quagga/files/quagga.pam 
>> b/meta-networking/recipes-protocols/quagga/files/quagga.pam
>> new file mode 100644
>> index 0000000..3541a97
>> --- /dev/null
>> +++ b/meta-networking/recipes-protocols/quagga/files/quagga.pam
>> @@ -0,0 +1,13 @@
>> +#
>> +# The PAM configuration file for the quagga `vtysh' service
>> +#
>> +
>> +# This allows root to change user infomation without being
>> +# prompted for a password
>> +auth        sufficient    pam_rootok.so
>> +
>> +# The standard Unix authentication modules, used with
>> +# NIS (man nsswitch) as well as normal /etc/passwd and
>> +# /etc/shadow entries.
>> +auth       include      common-auth
>> +
>> diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc 
>> b/meta-networking/recipes-protocols/quagga/quagga.inc
>> index 2106c9b..52cd7a3 100644
>> --- a/meta-networking/recipes-protocols/quagga/quagga.inc
>> +++ b/meta-networking/recipes-protocols/quagga/quagga.inc
>> @@ -32,10 +32,12 @@ SRC_URI = 
>> "http://download.savannah.gnu.org/releases/quagga${QUAGGASUBDIR}/quagg
>>              file://watchquagga.init \
>>              file://watchquagga.default \
>>              file://volatiles.03_quagga \
>> +           file://file://quagga.pam \
>
> Why is there be two file://?
>

Oh, sorry for the typo, I have updated the git to correct this.

   git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam

Thanks,
Hongxu

>> file://ripd-fix-two-bugs-after-received-SIGHUP.patch"
>>
>> -PACKAGECONFIG ??= ""
>> +PACKAGECONFIG ??= "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', 
>> '', d)}"
>>   PACKAGECONFIG[cap] = 
>> "--enable-capabilities,--disable-capabilities,libcap"
>> +PACKAGECONFIG[pam] = "--with-libpam, --without-libpam, libpam"
>>
>>   inherit autotools update-rc.d useradd
>>
>> @@ -98,6 +100,15 @@ do_install () {
>>       # Remove generated info dir file, it doesn't belong in the 
>> generated
>>       # package.
>>       rm -f ${D}${infodir}/dir
>> +
>> +    # For PAM
>> +    for feature in ${DISTRO_FEATURES}; do
>> +        if [ "$feature" = "pam" ]; then
>> +            install -D -m 644 ${WORKDIR}/quagga.pam 
>> ${D}/${sysconfdir}/pam.d/quagga
>> +            break
>> +        fi
>> +    done
>> +
>
>
> Could you use the below method to simply this loop
>
>     if 
> ${@base_contains('DISTRO_FEATURES','sysvinit','false','true',d)};then
>     if
>
> -Roy
>
>>   }
>>
>>   # Split into a main package and separate per-protocol packages
>>
>




* Re: [PATCH 0/1] quagga: add pam support for vtysh
  2013-11-08  4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia
  2013-11-08  4:32 ` [PATCH 1/1] " Hongxu Jia
@ 2013-11-08  8:34 ` Hongxu Jia
  2013-11-26 16:23 ` Joe MacDonald
  2 siblings, 0 replies; 6+ messages in thread
From: Hongxu Jia @ 2013-11-08  8:34 UTC (permalink / raw)
  To: openembedded-devel

On 11/08/2013 12:32 PM, Hongxu Jia wrote:
> Test Case:
> 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
>     quagga.
>
> 2. On target:
> 1) cat /etc/pam.d/guagga

s/guagga/quagga/

//Hongxu

> #
> # The PAM configuration file for the quagga `vtysh' service
> #
>
> # This allows root to change user infomation without being
> # prompted for a password
> auth		sufficient	pam_rootok.so
>
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> auth       include      common-auth
>
> 2) add option debug to pam_rootok.so
>   auth	    sufficient	pam_rootok.so debug
>
> 3) pam_rootok.so
> run command vtysh as root, enter qemu0#:
> root@qemu0:~# vtysh
>
> Hello, this is Quagga (version 0.99.21).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
>
> qemu0#
> log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
> 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
>
> 4) pam_unix.so
> the content of common-auth are shown at section "Common configure files"
> comment the configure file quagga pam_rootok.so line, because it will make pam return success:
>   #auth		sufficient	pam_rootok.so
> and modify the pam_unix.so line in common-auth to remove nullok_secure:
>   auth	[success=1 default=ignore]	pam_unix.so debug
>
> 5) run commands with invalid password:
> root@qemu0:~# vtysh
> Password:
> root@qemu0:~#
> log in /var/log/message(or /var/log/auth.log):
> 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
>
> //Hongxu
>
>
> The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
>
>    dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
>
> are available in the git repository at:
>
>    git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
>
> Hongxu Jia (1):
>    quagga: add pam support for vtysh
>
>   meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
>   meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
>   2 files changed, 25 insertions(+), 1 deletion(-)
>   create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
>




* Re: [PATCH 0/1] quagga: add pam support for vtysh
  2013-11-08  4:32 [PATCH 0/1] quagga: add pam support for vtysh Hongxu Jia
  2013-11-08  4:32 ` [PATCH 1/1] " Hongxu Jia
  2013-11-08  8:34 ` [PATCH 0/1] " Hongxu Jia
@ 2013-11-26 16:23 ` Joe MacDonald
  2 siblings, 0 replies; 6+ messages in thread
From: Joe MacDonald @ 2013-11-26 16:23 UTC (permalink / raw)
  To: openembedded-devel


The latest (and slightly tweaked to resolve a trivial conflict) version
merged.  Thanks.
-J.

[[oe] [PATCH 0/1] quagga: add pam support for vtysh] On 13.11.08 (Fri 12:32) Hongxu Jia wrote:

> Test Case:
> 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
>    quagga.
> 
> 2. On target:
> 1) cat /etc/pam.d/guagga
> #
> # The PAM configuration file for the quagga `vtysh' service
> #
> 
> # This allows root to change user infomation without being
> # prompted for a password
> auth		sufficient	pam_rootok.so
> 
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> auth       include      common-auth
> 
> 2) add option debug to pam_rootok.so
>  auth	    sufficient	pam_rootok.so debug
> 
> 3) pam_rootok.so
> run command vtysh as root, enter qemu0#:
> root@qemu0:~# vtysh 
> 
> Hello, this is Quagga (version 0.99.21).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> 
> qemu0# 
> log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
> 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
> 
> 4) pam_unix.so
> the content of common-auth are shown at section "Common configure files"
> comment the configure file quagga pam_rootok.so line, because it will make pam return success:
>  #auth		sufficient	pam_rootok.so
> and modify the pam_unix.so line in common-auth to remove nullok_secure:
>  auth	[success=1 default=ignore]	pam_unix.so debug
> 
> 5) run commands with invalid password:
> root@qemu0:~# vtysh 
> Password: 
> root@qemu0:~# 
> log in /var/log/message(or /var/log/auth.log):
> 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
> 
> //Hongxu
> 
> 
> The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
> 
>   dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
> 
> are available in the git repository at:
> 
>   git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
>   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
> 
> Hongxu Jia (1):
>   quagga: add pam support for vtysh
> 
>  meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
>  meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
>  2 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
> 
-- 
-Joe MacDonald.
:wq
