Sync with Shadow ... too many changes these days to keep track. Redo pamd file, as the PAM enabled version no longer use LASTLOG, etc.

(Portage version: 2.0.51.22-r2)

7 files changed, 399 insertions, 18 deletions

diff --git a/sys-apps/pam-login/ChangeLog b/sys-apps/pam-login/ChangeLog
index c225b337775e..99708c1cfc47 100644
--- a/sys-apps/pam-login/ChangeLog
+++ b/sys-apps/pam-login/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-apps/pam-login
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.51 2005/07/19 22:51:21 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/ChangeLog,v 1.52 2005/08/01 11:48:13 azarah Exp $
+
+*pam-login-4.0.11.1 (01 Aug 2005)
+
+  01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> +files/login.defs-4.0,
+  +files/login.pamd-4.0, +files/pam-login-4.0.10-fix-configure.patch,
+  +pam-login-4.0.11.1.ebuild:
+  Sync with Shadow ... too many changes these days to keep track. Redo pamd
+  file, as the PAM enabled version no longer use LASTLOG, etc.
 
   19 Jul 2005; Bryan Østergaard <kloeri@gentoo.org> pam-login-3.17.ebuild:
   Stable on alpha.
diff --git a/sys-apps/pam-login/Manifest b/sys-apps/pam-login/Manifest
index ded1d94e393a..2947984f9594 100644
--- a/sys-apps/pam-login/Manifest
+++ b/sys-apps/pam-login/Manifest
@@ -1,23 +1,17 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 bd419ab4c6435377482501f00f59a5e8 pam-login-4.0.11.1.ebuild 3404
 MD5 d8bdfc1f7fb81be06fffd8f204c850be ChangeLog 7171
-MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
-MD5 f6a4f4c2e8300f1db0e4daf8fc8999b6 pam-login-3.14.ebuild 2801
 MD5 2595d9d5d585309a961d44bb056d46fe pam-login-3.17.ebuild 2876
-MD5 e7f9dde204926c73a570b344556e4b1e files/digest-pam-login-3.17 67
+MD5 f6a4f4c2e8300f1db0e4daf8fc8999b6 pam-login-3.14.ebuild 2801
+MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
+MD5 dc186a72173f90c2fd3025c4921f3440 .pam-login-4.0.11.1.ebuild.swp 12288
 MD5 bd631a67641c2ecb9f2da34226ca80a8 files/digest-pam-login-3.14 67
-MD5 0021ec2d8f5fc517f0e74f7233fc16c9 files/pam-login-3.11-gcc33.patch 527
-MD5 2e7603feaff187884dd9b1e66601f02b files/login.pamd 382
-MD5 7761083b62bdcb822f1b9533aab2e06c files/pam-login-3.11-lastlog-fix.patch 362
 MD5 128c7d12948df01d7348a7edede0c2fb files/pam-login-3.14-query_user_context.diff 635
+MD5 0e12fe540bb45456d3e40481cb49dac1 files/login.defs-4.0 6045
 MD5 97fac4bd3167fadfc2abaeaa819ccbde files/pam_login-Werror-off-ppc64.patch 511
-MD5 21df4caf263fa2ed75e574f9a067b72e files/login.defs 3229
+MD5 9375147f78a25196b654616c969af9a5 files/digest-pam-login-4.0.11.1 69
+MD5 b9ef4f525f1017a08569cfc463a9532a files/login.pamd-4.0 752
+MD5 0021ec2d8f5fc517f0e74f7233fc16c9 files/pam-login-3.11-gcc33.patch 527
 MD5 2fdbabc344539e9dfd4955c061596a27 files/pam-login-3.17-query_user_context.patch 423
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD4DBQFC3YQMKf2g/qXtneoRAtX8AKDCZYgKMWn2OFiSowl17MV+EQ6wZQCYqq38
-gqVY1Dmf3a7GxvPCc0impQ==
-=PNsF
------END PGP SIGNATURE-----
+MD5 2e7603feaff187884dd9b1e66601f02b files/login.pamd 382
+MD5 7761083b62bdcb822f1b9533aab2e06c files/pam-login-3.11-lastlog-fix.patch 362
+MD5 e7f9dde204926c73a570b344556e4b1e files/digest-pam-login-3.17 67
diff --git a/sys-apps/pam-login/files/digest-pam-login-4.0.11.1 b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
new file mode 100644
index 000000000000..797d6633880d
--- /dev/null
+++ b/sys-apps/pam-login/files/digest-pam-login-4.0.11.1
@@ -0,0 +1 @@
+MD5 e60b7b16128b9e00576073389a0ff1e6 shadow-4.0.11.1.tar.bz2 1056103
diff --git a/sys-apps/pam-login/files/login.defs-4.0 b/sys-apps/pam-login/files/login.defs-4.0
new file mode 100644
index 000000000000..a59ba6834b26
--- /dev/null
+++ b/sys-apps/pam-login/files/login.defs-4.0
@@ -0,0 +1,205 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+#	$Id: login.defs-4.0,v 1.1 2005/08/01 11:48:13 azarah Exp $
+#
+# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed.  All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux.  --marekm
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY		3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names.  Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE		/etc/securetty
+#CONSOLE	console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE	/var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, the command name to display when running "su -".  For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su".  If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME		su
+
+#
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR	/var/spool/mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#	UMASK		Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			 1000
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  100
+GID_MAX			60000
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES		3
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT		60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+# 
+CHFN_RESTRICT		rwh
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting).  Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS		floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# When prompting for password without echo, getpass() can optionally
+# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
+# characters for each character typed.  This feature is designed to
+# confuse people looking over your shoulder when you enter a password :-).
+# Also, the new getpass() accepts both Backspace (8) and Delete (127)
+# keys to delete previous character (to cope with different terminal
+# types), Control-U to delete all characters, and beeps when there are
+# no more characters to delete, or too many characters entered.
+#
+# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
+# exactly one '*' displayed for each character typed.
+#
+# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
+# Delete, Control-U and beep continue to work as described above).
+#
+# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
+# without any new features.  This is the default.
+#
+GETPASS_ASTERISKS 0
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
diff --git a/sys-apps/pam-login/files/login.pamd-4.0 b/sys-apps/pam-login/files/login.pamd-4.0
new file mode 100644
index 000000000000..6676526a9cb4
--- /dev/null
+++ b/sys-apps/pam-login/files/login.pamd-4.0
@@ -0,0 +1,24 @@
+#%PAM-1.0
+
+auth       required	pam_securetty.so
+auth       include	system-auth
+auth       required	pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
+auth       required	pam_shells.so
+auth       required	pam_nologin.so
+
+account    required	pam_access.so
+account    include	system-auth
+account    required	pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
+
+password   include	system-auth
+
+session    include	system-auth
+session    required	pam_env.so
+session    optional	pam_lastlog.so
+session    optional	pam_motd.so motd=/etc/motd
+session    optional	pam_mail.so
+
+# If you want to enable pam_console, uncomment the following line
+# and read carefully README.pam_console in /usr/share/doc/pam*
+#session    optional	pam_console.so
+
diff --git a/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
new file mode 100644
index 000000000000..eeee957510ae
--- /dev/null
+++ b/sys-apps/pam-login/files/pam-login-4.0.10-fix-configure.patch
@@ -0,0 +1,24 @@
+Fix wrong var name
+
+--- configure.in
++++ configure.in
+@@ -165,7 +165,7 @@ AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_
+ 
+ AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
+ [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+-	if test -d $logdir; then
++	if test -d $shadow_cv_logdir; then
+ 		break
+ 	fi
+ done])
+--- configure
++++ configure
+@@ -22349,7 +22348,7 @@
+   echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+   for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
+-	if test -d $logdir; then
++	if test -d $shadow_cv_logdir; then
+ 		break
+ 	fi
+ done
diff --git a/sys-apps/pam-login/pam-login-4.0.11.1.ebuild b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
new file mode 100644
index 000000000000..99f1eba3015c
--- /dev/null
+++ b/sys-apps/pam-login/pam-login-4.0.11.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/pam-login/pam-login-4.0.11.1.ebuild,v 1.1 2005/08/01 11:48:13 azarah Exp $
+
+inherit eutils libtool flag-o-matic pam
+
+# Do we want to backup an old login.defs, and forcefully
+# install a new version?
+FORCE_LOGIN_DEFS="no"
+
+MY_PN="shadow"
+S="${WORKDIR}/${MY_PN}-${PV}"
+DESCRIPTION="Login, lastlog and faillog for PAM based systems"
+HOMEPAGE="http://shadow.pld.org.pl/"
+SRC_URI="ftp://ftp.pld.org.pl/software/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="livecd nls selinux"
+
+DEPEND="virtual/libc
+	sys-libs/pam
+	>=sys-apps/shadow-4.0.11.1
+	selinux? ( sys-libs/libselinux )"
+# We need sys-apps/shadow-4.0.7-r1, as that no longer installs login.pamd
+
+src_unpack() {
+	unpack ${A}
+
+	cd ${S}
+
+	# The new configure changes do not detect utmp/logdir properly
+	epatch "${FILESDIR}"/${PN}-4.0.10-fix-configure.patch
+
+	elibtoolize
+	epunt_cxx
+}
+
+src_compile() {
+	append-ldflags -Wl,-z,now
+	[[ ${CTARGET:-${CHOST}} != ${CHOST} ]] \
+		&& export ac_cv_func_setpgrp_void=yes
+	econf \
+		--disable-desrpc \
+		--with-libcrypt \
+		--with-libcrack \
+		--enable-shared=no \
+		--enable-static=yes \
+		--with-libpam \
+		$(use_with skey libskey) \
+		$(use_with selinux) \
+		$(use_enable nls) \
+		|| die "bad configure"
+
+	cd ${S}/man
+	emake SUBDIRS="" \
+	      man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+	                 login.1.xml login.access.5.xml login.defs.5.xml" \
+	      man_MANS="faillog.5 faillog.8 lastlog.8 \
+	                login.1 login.access.5 login.defs.5" \
+		|| die "emake man failed"
+	cd ${S}/libmisc
+	emake || die "emake libmisc failed"
+	cd ${S}/lib
+	emake || die "emake lib failed"
+	cd ${S}/src
+	emake faillog lastlog login || die "emake faillog lastlog login failed"
+}
+
+src_install() {
+	cd ${S}/man
+	make SUBDIRS="" \
+	     man_XMANS="faillog.5.xml faillog.8.xml lastlog.8.xml \
+	                login.1.xml login.defs.5.xml" \
+	     man_MANS="faillog.5 faillog.8 lastlog.8 \
+	               login.1 login.defs.5" \
+	     DESTDIR=${D} install || die "emake man failed"
+	cd ${S}/src
+
+	into /
+	dobin ${S}/src/login
+	into /usr
+	dobin ${S}/src/{last,fail}log
+
+	newpamd "${FILESDIR}/login.pamd-4.0" login
+
+	insinto /etc
+	insopts -m0644
+	newins "${FILESDIR}/login.defs-4.0" login.defs
+
+	# Also install another one that we can use to check if
+	# we need to update it if FORCE_LOGIN_DEFS = "yes"
+	[ "${FORCE_LOGIN_DEFS}" = "yes" ] \
+		&& newins "${FILESDIR}/login.defs" login.defs.new
+
+	dodoc ChangeLog NEWS README TODO
+}
+
+pkg_preinst() {
+	rm -f "${ROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+	[ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0
+
+	ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs "
+	ewarn "is being updated automatically. Your old login.defs"
+	ewarn "will be backed up as:  ${ROOT}etc/login.defs.bak"
+	echo
+
+	local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`"
+	local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`"
+
+	if [ "${CHECK1}" != "${CHECK2}" ]
+	then
+		cp -a ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak
+		mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+	elif [ ! -f ${ROOT}/etc/login.defs ]
+	then
+		mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs
+	else
+		rm -f ${ROOT}/etc/login.defs.new
+	fi
+}