Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/2] Provide PAM default configuration files when building linux-pam package
@ 2012-09-05  3:16 Dmitry
  2012-09-05  3:16 ` [Buildroot] [PATCH 2/2] PAM support in Busybox if linux-pam is built Dmitry
  0 siblings, 1 reply; 2+ messages in thread
From: Dmitry @ 2012-09-05  3:16 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Dmitry <golubovsky@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 package/linux-pam/default      |    8 ++++++++
 package/linux-pam/linux-pam.mk |    7 +++++++
 package/linux-pam/login        |    9 +++++++++
 3 files changed, 24 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/default
 create mode 100644 package/linux-pam/login

diff --git a/package/linux-pam/default b/package/linux-pam/default
new file mode 100644
index 0000000..0bd5ba0
--- /dev/null
+++ b/package/linux-pam/default
@@ -0,0 +1,8 @@
+#
+# default; standard UN*X access
+#
+auth     required       pam_unix.so
+account  required       pam_unix.so
+password required       pam_unix.so
+session  required       pam_unix.so
+
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 48cb073..2807bc1 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -24,4 +24,11 @@ ifeq ($(BR2_PACKAGE_LIBINTL),y)
 	LINUX_PAM_MAKE_OPT += LIBS=-lintl
 endif
 
+define LINUX_PAM_CONFFILES
+	$(INSTALL) -D -m 0644 package/linux-pam/default $(TARGET_DIR)/etc/pam.d/default
+	$(INSTALL) -D -m 0644 package/linux-pam/login $(TARGET_DIR)/etc/pam.d/login
+endef
+
+LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFFILES
+
 $(eval $(autotools-package))
diff --git a/package/linux-pam/login b/package/linux-pam/login
new file mode 100644
index 0000000..d65a9d4
--- /dev/null
+++ b/package/linux-pam/login
@@ -0,0 +1,9 @@
+#
+# login: allow local logins to users with entries in /etc/passwd and
+# /etc/shadow even with null password
+#
+auth      required       pam_unix.so nullok
+account   required       pam_unix.so nullok
+password  required       pam_unix.so nullok
+session   required       pam_unix.so nullok
+
-- 
1.7.2.5

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [Buildroot] [PATCH 2/2] PAM support in Busybox if linux-pam is built
  2012-09-05  3:16 [Buildroot] [PATCH 1/2] Provide PAM default configuration files when building linux-pam package Dmitry
@ 2012-09-05  3:16 ` Dmitry
  0 siblings, 0 replies; 2+ messages in thread
From: Dmitry @ 2012-09-05  3:16 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Dmitry <golubovsky@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 package/busybox/Config.in  |   15 +++++++++++++++
 package/busybox/busybox.mk |   12 ++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/package/busybox/Config.in b/package/busybox/Config.in
index dedcf18..21ff3fb 100644
--- a/package/busybox/Config.in
+++ b/package/busybox/Config.in
@@ -62,6 +62,21 @@ config BR2_PACKAGE_BUSYBOX_WATCHDOG
 	  Install the watchdog daemon startup script,
 	  that just start at the boot the busybox watchdog daemon.
 
+config BR2_PACKAGE_BUSYBOX_PAM
+	bool "Enable PAM support in Busybox"
+	default n
+	depends on BR2_PACKAGE_LINUX_PAM
+	help
+	  If this item is selected, Busybox login will use the PAM stack
+	  for local logins. Local logins with null password are allowed
+	  for users with records in /etc/passwd ("default" and "root") 
+	  per the /etc/pam.d/login file.
+	  The default PAM configuration file /etc/pam.d/default requires 
+	  user accounts with nonzero length passwords.
+	  These files are provided by the linux-pam package. Buildroot
+	  users opting to use PAM are strongly advised to supply their
+	  own PAM configuration files for proper authentication model.
+
 if BR2_PACKAGE_BUSYBOX_WATCHDOG
 
 config BR2_PACKAGE_BUSYBOX_WATCHDOG_PERIOD
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index 33f8633..21942c6 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -164,6 +164,17 @@ define BUSYBOX_INSTALL_WATCHDOG_SCRIPT
 endef
 endif
 
+ifeq ($(BR2_PACKAGE_BUSYBOX_PAM),y)
+BUSYBOX_DEPENDENCIES += linux-pam
+define BUSYBOX_ENABLE_PAM
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG))
+endef
+else
+define BUSYBOX_ENABLE_PAM
+	$(call KCONFIG_DISABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG))
+endef
+endif
+
 # We do this here to avoid busting a modified .config in configure
 BUSYBOX_POST_EXTRACT_HOOKS += BUSYBOX_COPY_CONFIG
 
@@ -179,6 +190,7 @@ define BUSYBOX_CONFIGURE_CMDS
 	$(BUSYBOX_DISABLE_MMU_APPLETS)
 	$(BUSYBOX_SET_INIT)
 	$(BUSYBOX_SET_WATCHDOG)
+	$(BUSYBOX_ENABLE_PAM)
 	@yes "" | $(MAKE) ARCH=$(KERNEL_ARCH) CROSS_COMPILE="$(TARGET_CROSS)" \
 		-C $(@D) oldconfig
 endef
-- 
1.7.2.5

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-09-05  3:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-05  3:16 [Buildroot] [PATCH 1/2] Provide PAM default configuration files when building linux-pam package Dmitry
2012-09-05  3:16 ` [Buildroot] [PATCH 2/2] PAM support in Busybox if linux-pam is built Dmitry

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox