[PATCH 0/7] works of adding packages pam support V2

[PATCH 0/7] works of adding packages pam support V2

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

Hi Scott,

This is the work of adding pam supports version 2.

Xiaofeng Yan's commits will be commited by himself, including openssh, dropbear and polkit.

As Saul told, 
* update the indent
* check the PR 
* make install configure file when pam support enabled

After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
doesn't have a pam configure file, import from Fedora.


The following changes since commit e803c58ffb05e6d1f5938f1bfe6dfca9e3c26e02:

  libiconv: Fix build failure on 1.13.1 (2011-07-21 22:50:24 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib kangkai/distro
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro

Kang Kai (5):
  libpam: update to 1.1.4 and add subpackage xtests
  cups: add pam support
  screen: add pam support
  sudo: add pam support
  shadow: update pam related configure files

Wenzong Fan (2):
  cronie: enable PAM support for cronie
  at: enable pam support

 .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++++
 meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   21 +++++
 meta/recipes-extended/at/at_3.1.12.bb              |   21 ++++-
 .../cronie/cronie/crond_pam_config.patch           |   19 ++++
 meta/recipes-extended/cronie/cronie_1.4.7.bb       |   12 ++-
 meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
 .../pam/libpam/libpam-xtests.patch                 |   35 ++++++++
 .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}       |   14 ++-
 .../screen/screen-4.0.3/screen.pam                 |    2 +
 meta/recipes-extended/screen/screen_4.0.3.bb       |   23 ++++-
 .../shadow/files/shadow-update-pam-conf.patch      |   91 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
 meta/recipes-extended/sudo/files/sudo.pam          |    6 ++
 meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   18 +++-
 14 files changed, 274 insertions(+), 24 deletions(-)
 create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
 create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
 create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
 create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
 rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
 create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pam
 create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
 create mode 100644 meta/recipes-extended/sudo/files/sudo.pam

-- 
1.7.5.1.300.gc565c

[PATCH 1/7] libpam: update to 1.1.4 and add subpackage xtests

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

Update libpam to 1.1.4, and add dependecy cracklib because run xtexts will
need pam-plugin-cracklib.
There are some additional checks under subdirectory xtests and make it
as a subpackage libpam-xtests.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../pam/libpam/libpam-xtests.patch                 |   35 ++++++++++++++++++++
 .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}       |   14 +++++---
 2 files changed, 44 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
 rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)

diff --git a/meta/recipes-extended/pam/libpam/libpam-xtests.patch b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
new file mode 100644
index 0000000..be68745
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
@@ -0,0 +1,35 @@
+This patch is used to create a new sub package libpam-xtests to do more checks.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+--- Linux-PAM-1.1.4/xtests/Makefile.am.orig	2011-07-19 17:00:09.619980001 +0800
++++ Linux-PAM-1.1.4/xtests/Makefile.am	2011-07-19 16:54:00.229979998 +0800
+@@ -7,7 +7,7 @@
+ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+ 	-L$(top_builddir)/libpam_misc -lpam_misc
+ 
+-CLEANFILES = *~ $(XTESTS)
++CLEANFILES = *~
+ 
+ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ 	tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+@@ -51,3 +51,18 @@
+ 
+ xtests: $(XTESTS) run-xtests.sh
+ 	"$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
++
++all: $(XTESTS)
++
++install: install_xtests
++
++install_xtests:
++	$(INSTALL) -d $(DESTDIR)$(pkgdatadir)/xtests
++	for file in $(EXTRA_DIST) ; do \
++		$(INSTALL) $$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++	done
++	for file in $(XTESTS); do \
++		$(INSTALL) .libs/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++	done
++
++.PHONY: all install_xtests
diff --git a/meta/recipes-extended/pam/libpam_1.1.3.bb b/meta/recipes-extended/pam/libpam_1.1.4.bb
similarity index 85%
rename from meta/recipes-extended/pam/libpam_1.1.3.bb
rename to meta/recipes-extended/pam/libpam_1.1.4.bb
index b62e2f2..59fbdcd 100644
--- a/meta/recipes-extended/pam/libpam_1.1.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
@@ -11,18 +11,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
 
 PR = "r0"
 
-DEPENDS = "bison flex"
+DEPENDS = "bison flex cracklib"
 RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
+RDEPENDS_${PN}-xtests = "libpam pam-plugin-access pam-plugin-debug pam-plugin-cracklib pam-plugin-pwhistory \
+                        pam-plugin-succeed-if pam-plugin-time coreutils"
 RRECOMMENDS_${PN} = "libpam-runtime"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
            file://99_pam \
-           file://pam.d/*"
+           file://pam.d/* \
+           file://libpam-xtests.patch"
 
 SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch"
 
-SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7"
-SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652"
+SRC_URI[md5sum] = "e9af5fb27bb22edb55d077e2888b3ebc"
+SRC_URI[sha256sum] = "ccd89331914390b1e9e99c954471d65f19b660d81e15a46eeb96cee125d44056"
 
 EXTRA_OECONF = "--with-db-uniquename=_pam \
                 --includedir=${includedir}/security \
@@ -34,12 +37,13 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
 
 inherit autotools gettext
 
-PACKAGES += "${PN}-runtime"
+PACKAGES += "${PN}-runtime ${PN}-xtests"
 FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
 FILES_${PN}-dbg += "${base_libdir}/security/.debug \
                     ${base_libdir}/security/pam_filter/.debug"
 FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
 FILES_${PN}-runtime = "${sysconfdir}"
+FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests"
 
 PACKAGES_DYNAMIC += " pam-plugin-*"
 
-- 
1.7.5.1.300.gc565c

[PATCH 2/7] cups: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to distro_feature then add pam support for cups or not.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 meta/recipes-extended/cups/cups_1.4.6.bb |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/cups/cups_1.4.6.bb b/meta/recipes-extended/cups/cups_1.4.6.bb
index 86b5340..fd20dcc 100644
--- a/meta/recipes-extended/cups/cups_1.4.6.bb
+++ b/meta/recipes-extended/cups/cups_1.4.6.bb
@@ -1,7 +1,8 @@
 require cups14.inc
 
-PR = "r0"
-DEPENDS += "libusb"
+PR = "r1"
+DEPENDS += "libusb \
+       ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=956e7600195e6139f12de8c2a5bbefa9"
 SRC_URI += " \
@@ -12,6 +13,7 @@ SRC_URI += " \
 SRC_URI[md5sum] = "de8fb5a29c36554925c0c6a6e2c0dae1"
 SRC_URI[sha256sum] = "f08711702a77b52c7150f96fe1f45482f6151cb95ef601268c528607fe6ad514"
 
-EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb"
+EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb \
+       ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
 CONFFILES_${PN} += "${sysconfdir}/cups/cupsd.conf"
-- 
1.7.5.1.300.gc565c

[PATCH 3/7] screen: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to DISTRO_FEATURES then add screen pam support or not.
Press "Ctrl+a x" will lock the screen terminal, then unlock it will
use pam.
Add pam related configure file sceen.pam from Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../screen/screen-4.0.3/screen.pam                 |    2 +
 meta/recipes-extended/screen/screen_4.0.3.bb       |   23 +++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pam

diff --git a/meta/recipes-extended/screen/screen-4.0.3/screen.pam b/meta/recipes-extended/screen/screen-4.0.3/screen.pam
new file mode 100644
index 0000000..ff657fa
--- /dev/null
+++ b/meta/recipes-extended/screen/screen-4.0.3/screen.pam
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth       include      common-auth
diff --git a/meta/recipes-extended/screen/screen_4.0.3.bb b/meta/recipes-extended/screen/screen_4.0.3.bb
index dac2893..27f39dd 100644
--- a/meta/recipes-extended/screen/screen_4.0.3.bb
+++ b/meta/recipes-extended/screen/screen_4.0.3.bb
@@ -10,12 +10,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0774d66808b0f602e94448108f59448b \
                     file://screen.h;endline=23;md5=9a7ae69a2aafed891bf7c38ddf9f6b7d"
 
 SECTION = "console/utils"
-DEPENDS = "ncurses"
-PR = "r0"
+DEPENDS = "ncurses \
+          ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r1"
 
 SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz;name=tarball \
            ${DEBIAN_MIRROR}/main/s/screen/screen_4.0.3-11+lenny1.diff.gz;name=patch \
-           file://configure.patch"
+           file://configure.patch \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://screen.pam"
 
 SRC_URI[tarball.md5sum] = "8506fd205028a96c741e4037de6e3c42"
 SRC_URI[tarball.sha256sum] = "78f0d5b1496084a5902586304d4a73954b2bfe33ea13edceecf21615c39e6c77"
@@ -25,5 +29,14 @@ SRC_URI[patch.sha256sum] = "19130d097e9ed897c84a2c640634dd36ee3233c17b0bf5d18549
 
 inherit autotools
 
-EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5"
-
+EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 \
+               ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
+
+do_install_append () {
+	for feature in ${DISTRO_FEATURES}; do
+		if [ "$feature" = "pam" ]; then
+			install -D -m 644 ${WORKDIR}/screen.pam ${D}/${sysconfdir}/pam.d/screen
+			break
+		fi
+	done
+}
-- 
1.7.5.1.300.gc565c

[PATCH 4/7] sudo: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to DISTRO_FEATURES to add pam support for sudo, and import
configure file from Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 meta/recipes-extended/sudo/files/sudo.pam  |    6 ++++++
 meta/recipes-extended/sudo/sudo_1.8.1p2.bb |   18 +++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-extended/sudo/files/sudo.pam

diff --git a/meta/recipes-extended/sudo/files/sudo.pam b/meta/recipes-extended/sudo/files/sudo.pam
new file mode 100644
index 0000000..5bc26e7
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/sudo.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       include      common-auth
+account    include      common-account
+password   include      common-password
+session    required     pam_keyinit.so revoke
+session    required     pam_limits.so
diff --git a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
index 7eba307..9cf9ecc 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
@@ -1,11 +1,23 @@
 require sudo.inc
 
-PR = "r0"
+PR = "r1"
 
 SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
-           file://libtool.patch"
+           file://libtool.patch \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://sudo.pam"
 
 SRC_URI[md5sum] = "e8330f0e63b0ecb2e12b5c76922818cc"
 SRC_URI[sha256sum] = "281f90c80547cf22132e351e7f61c25ba4ba9cf393438468f318f9a7884026fb"
 
-EXTRA_OECONF += " --with-pam=no"
+EXTRA_OECONF += " ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)}"
+
+do_install_append () {
+	for feature in ${DISTRO_FEATURES}; do
+		if [ "$feature" = "pam" ]; then
+			install -D -m 664 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
+			break
+		fi
+	done
+}
-- 
1.7.5.1.300.gc565c

[PATCH 5/7] cronie: enable PAM support for cronie

[Kang Kai]

From: Wenzong Fan <wenzong.fan@windriver.com>

Enable PAM support for cronie and update its pam config file 'crond'.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../cronie/cronie/crond_pam_config.patch           |   19 +++++++++++++++++++
 meta/recipes-extended/cronie/cronie_1.4.7.bb       |   12 ++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch

diff --git a/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
new file mode 100644
index 0000000..675872c
--- /dev/null
+++ b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
@@ -0,0 +1,19 @@
+password-auth is the Fedora's common pam configure file, use oe common pam
+configure files instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+--- cronie-1.4.7/pam/crond.orig	2010-12-16 16:59:02.000000000 +0800
++++ cronie-1.4.7/pam/crond	2011-07-20 09:47:16.080819203 +0800
+@@ -4,7 +4,7 @@
+ #
+ # No PAM authentication called, auth modules not needed
+ account    required   pam_access.so
+-account    include    password-auth
++account    include    common-account
+ session    required   pam_loginuid.so
+-session    include    password-auth
+-auth       include    password-auth
++session    include    common-session-noninteractive
++auth       include    common-auth
diff --git a/meta/recipes-extended/cronie/cronie_1.4.7.bb b/meta/recipes-extended/cronie/cronie_1.4.7.bb
index 992b610..bb715f2 100644
--- a/meta/recipes-extended/cronie/cronie_1.4.7.bb
+++ b/meta/recipes-extended/cronie/cronie_1.4.7.bb
@@ -14,17 +14,25 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=963ea0772a2adbdcd607a9b2ec320c11 \
 
 SECTION = "utils"
 
-PR = "r2"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r3"
 
 SRC_URI = "https://fedorahosted.org/releases/c/r/cronie/cronie-${PV}.tar.gz \
            file://crond.init \
-           file://crontab"
+           file://crontab \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://crond_pam_config.patch"
+
 
 SRC_URI[md5sum] = "dfc26c47756d0c40ee27ae3c7ee98e0d"
 SRC_URI[sha256sum] = "83bae15ae5504454ba74f4142f5db3aa22be594327fea19d2534f65803137fbd"
 
 inherit autotools update-rc.d
 
+EXTRA_OECONF += "\
+                ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)}"
+
 INITSCRIPT_NAME = "crond"
 INITSCRIPT_PARAMS = "start 90 2 3 4 5 . stop 60 0 1 6 ."
 
-- 
1.7.5.1.300.gc565c

[PATCH 6/7] shadow: update pam related configure files

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

add shadow-update-pam-conf.patch to update the pam related configure files
in oe way rather than Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../shadow/files/shadow-update-pam-conf.patch      |   91 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
 2 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch

diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
new file mode 100644
index 0000000..15f8044
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -0,0 +1,91 @@
+The system-auth in the configure files is from Fedora which put all the 4 pam type rules
+in one file.
+In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
+common-password and common-session.
+So update them with oe way.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
+--- shadow-4.1.4.3/etc/pam.d.orig/chage	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chage	2011-07-20 19:03:08.964844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
+--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chgpasswd	2011-07-20 19:03:26.544844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
+--- shadow-4.1.4.3/etc/pam.d.orig/groupadd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupadd	2011-07-20 19:04:08.124844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
+--- shadow-4.1.4.3/etc/pam.d.orig/groupdel	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupdel	2011-07-20 19:04:26.114844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmems	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmems	2011-07-20 19:04:35.074844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmod	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmod	2011-07-20 19:04:44.864844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
+--- shadow-4.1.4.3/etc/pam.d.orig/useradd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/useradd	2011-07-20 19:07:26.244844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
+--- shadow-4.1.4.3/etc/pam.d.orig/userdel	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/userdel	2011-07-20 19:07:35.734844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
+--- shadow-4.1.4.3/etc/pam.d.orig/usermod	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/usermod	2011-07-20 19:07:42.024844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
index 5731a26..70d4cbb 100644
--- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
 
 DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
-PR = "r2"
+PR = "r3"
 
 SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
            file://login_defs_pam.sed \
@@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
            file://shadow-4.1.3-dots-in-usernames.patch \
            file://shadow-4.1.4.2-env-reset-keep-locale.patch \
            file://shadow-4.1.4.2-groupmod-pam-check.patch \
-           file://shadow-4.1.4.2-su_no_sanitize_env.patch"
+           file://shadow-4.1.4.2-su_no_sanitize_env.patch \
+           file://shadow-update-pam-conf.patch"
 
 SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
 SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
-- 
1.7.5.1.300.gc565c

[PATCH 7/7] at: enable pam support

[Kang Kai]

From: Wenzong Fan <wenzong.fan@windriver.com>

add patches to make at enable pam support

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 ++++++++++++++++++++
 meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   21 ++++++++++++++++++
 meta/recipes-extended/at/at_3.1.12.bb              |   21 ++++++++++++++---
 3 files changed, 61 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
 create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch

diff --git a/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
new file mode 100644
index 0000000..1f73cdd
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
@@ -0,0 +1,23 @@
+--- at-3.1.12/configure.ac	2011-06-23 14:51:03.653572945 +0800
++++ at-3.1.12/configure.ac.new	2011-06-27 16:12:14.903572945 +0800
+@@ -81,10 +81,18 @@
+ AC_FUNC_VPRINTF
+ AC_FUNC_GETLOADAVG
+ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
++
++AC_ARG_WITH([pam],
++  [AS_HELP_STRING([--without-pam], [without PAM support])])
++
++if test "x$with_pam" != xno; then
+ AC_CHECK_HEADERS(security/pam_appl.h, [
+   PAMLIB="-lpam"
+-  AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
+-])
++  AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])],
++   [if test "x$with_pam" = xyes; then
++   AC_MSG_ERROR([PAM selected but security/pam_misc.h not found])
++   fi])
++fi
+
+ dnl Checking for programs
+
diff --git a/meta/recipes-extended/at/at-3.1.12/pam.conf.patch b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
new file mode 100644
index 0000000..dfe76d7
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
@@ -0,0 +1,21 @@
+oe doesn't support "@include", use the concrete directive instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+--- at-3.1.12/pam.conf.orig	2009-11-23 23:11:52.000000000 +0800
++++ at-3.1.12/pam.conf	2011-07-15 11:14:04.132818950 +0800
+@@ -2,8 +2,8 @@
+ # The PAM configuration file for the at daemon
+ #
+
+-auth	required	pam_env.so
+-@include common-auth
+-@include common-account
+-@include common-session-noninteractive
+-session    required   pam_limits.so
++auth    required    pam_env.so
++auth    include     common-auth
++account include     common-account
++session include     common-session-noninteractive
++session required    pam_limits.so
diff --git a/meta/recipes-extended/at/at_3.1.12.bb b/meta/recipes-extended/at/at_3.1.12.bb
index 3a94497..c76b50e 100644
--- a/meta/recipes-extended/at/at_3.1.12.bb
+++ b/meta/recipes-extended/at/at_3.1.12.bb
@@ -4,10 +4,11 @@ the system load levels drop to a particular level."
 SECTION = "base"
 LICENSE="GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4"
-DEPENDS = "flex libpam initscripts"
+DEPENDS = "flex libpam initscripts \
+	${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RCONFLICTS_${PN} = "atd"
 RREPLACES_${PN} = "atd"
-PR = "r4"
+PR = "r5"
 
 SRC_URI = "${DEBIAN_MIRROR}/main/a/at/at_${PV}.orig.tar.gz \
     file://configure.patch \
@@ -17,7 +18,11 @@ SRC_URI = "${DEBIAN_MIRROR}/main/a/at/at_${PV}.orig.tar.gz \
     file://posixtm.c \
     file://posixtm.h \
     file://file_replacement_with_gplv2.patch \
-    file://S99at"
+    file://S99at \
+    ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://pam.conf.patch \
+               file://configure-add-enable-pam.patch"
 
 SRC_URI[md5sum] = "1e67991776148fb319fd77a2e599a765"
 SRC_URI[sha256sum] = "7c55c6ab4fbe8add9e68f31b2b0ebf3fe805c9a4e7cfb2623a3d8a4789cc18f3"
@@ -26,7 +31,8 @@ EXTRA_OECONF += "ac_cv_path_SENDMAIL=/bin/true \
                  --with-daemon_username=root \
                  --with-daemon_groupname=root \
                  --with-jobdir=/var/spool/at/jobs \
-                 --with-atspool=/var/spool/at/spool"
+                 --with-atspool=/var/spool/at/spool \
+                 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} "
 
 inherit autotools
 
@@ -41,6 +47,13 @@ do_install () {
 	install -d ${D}${sysconfdir}/rcS.d
 	install -m 0755    ${WORKDIR}/S99at		${D}${sysconfdir}/init.d/atd
 	ln -sf		../init.d/atd		${D}${sysconfdir}/rcS.d/S99at
+
+	for feature in ${DISTRO_FEATURES}; do
+		if [ "$feature" = "pam" ]; then
+			install -D -m 0644 ${WORKDIR}/${P}/pam.conf ${D}${sysconfdir}/pam.d/atd
+			break
+		fi
+	done
 }
 
 pkg_postinst_${PN} () {
-- 
1.7.5.1.300.gc565c

Re: [PATCH 0/7] works of adding packages pam support V2

[Scott Garman]

On 07/25/2011 08:29 PM, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the work of adding pam supports version 2.

Acked-by: Scott Garman <scott.a.garman@intel.com>

for this patch series.

Thanks Kai!

>
> Xiaofeng Yan's commits will be commited by himself, including openssh, dropbear and polkit.
>
> As Saul told,
> * update the indent
> * check the PR
> * make install configure file when pam support enabled
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
>
> The following changes since commit e803c58ffb05e6d1f5938f1bfe6dfca9e3c26e02:
>
>    libiconv: Fix build failure on 1.13.1 (2011-07-21 22:50:24 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib kangkai/distro
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
>
> Kang Kai (5):
>    libpam: update to 1.1.4 and add subpackage xtests
>    cups: add pam support
>    screen: add pam support
>    sudo: add pam support
>    shadow: update pam related configure files
>
> Wenzong Fan (2):
>    cronie: enable PAM support for cronie
>    at: enable pam support
>
>   .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++++
>   meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   21 +++++
>   meta/recipes-extended/at/at_3.1.12.bb              |   21 ++++-
>   .../cronie/cronie/crond_pam_config.patch           |   19 ++++
>   meta/recipes-extended/cronie/cronie_1.4.7.bb       |   12 ++-
>   meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
>   .../pam/libpam/libpam-xtests.patch                 |   35 ++++++++
>   .../pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb}       |   14 ++-
>   .../screen/screen-4.0.3/screen.pam                 |    2 +
>   meta/recipes-extended/screen/screen_4.0.3.bb       |   23 ++++-
>   .../shadow/files/shadow-update-pam-conf.patch      |   91 ++++++++++++++++++++
>   meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
>   meta/recipes-extended/sudo/files/sudo.pam          |    6 ++
>   meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   18 +++-
>   14 files changed, 274 insertions(+), 24 deletions(-)
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>   create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>   create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>   rename meta/recipes-extended/pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb} (85%)
>   create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pam
>   create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>   create mode 100644 meta/recipes-extended/sudo/files/sudo.pam
>


-- 
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center

Re: [PATCH 0/7] works of adding packages pam support V2

[Saul Wold]

On 07/25/2011 08:29 PM, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the work of adding pam supports version 2.
>
> Xiaofeng Yan's commits will be commited by himself, including openssh, dropbear and polkit.
>
> As Saul told,
> * update the indent
> * check the PR
> * make install configure file when pam support enabled
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
>
> The following changes since commit e803c58ffb05e6d1f5938f1bfe6dfca9e3c26e02:
>
>    libiconv: Fix build failure on 1.13.1 (2011-07-21 22:50:24 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib kangkai/distro
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
>
> Kang Kai (5):
>    libpam: update to 1.1.4 and add subpackage xtests
>    cups: add pam support
>    screen: add pam support
>    sudo: add pam support
>    shadow: update pam related configure files
>
> Wenzong Fan (2):
>    cronie: enable PAM support for cronie
>    at: enable pam support
>
>   .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++++
>   meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   21 +++++
>   meta/recipes-extended/at/at_3.1.12.bb              |   21 ++++-
>   .../cronie/cronie/crond_pam_config.patch           |   19 ++++
>   meta/recipes-extended/cronie/cronie_1.4.7.bb       |   12 ++-
>   meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
>   .../pam/libpam/libpam-xtests.patch                 |   35 ++++++++
>   .../pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb}       |   14 ++-
>   .../screen/screen-4.0.3/screen.pam                 |    2 +
>   meta/recipes-extended/screen/screen_4.0.3.bb       |   23 ++++-
>   .../shadow/files/shadow-update-pam-conf.patch      |   91 ++++++++++++++++++++
>   meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
>   meta/recipes-extended/sudo/files/sudo.pam          |    6 ++
>   meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   18 +++-
>   14 files changed, 274 insertions(+), 24 deletions(-)
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>   create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>   create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>   rename meta/recipes-extended/pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb} (85%)
>   create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pam
>   create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>   create mode 100644 meta/recipes-extended/sudo/files/sudo.pam
>

Merged into OE-Core

Thanks
	Sau!