From 2d9db48c9adecc92a61d7e139b69420069c91bd8 Mon Sep 17 00:00:00 2001
From: Ronan Le Martret <ronan@fridu.net>
Date: Tue, 17 Jun 2014 14:46:05 +0200
Subject: [PATCH] Fix shadow  pam conf file.

Change-Id: Ifb742d915566eefd9677cd57bc4708e1173fc200
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
---
 recipes-extended/shadow/files/pam.d/chage       |  6 ++++++
 recipes-extended/shadow/files/pam.d/chfn        |  8 ++++++++
 recipes-extended/shadow/files/pam.d/chsh        |  8 ++++++++
 recipes-extended/shadow/files/pam.d/login       | 12 ++++++++++++
 recipes-extended/shadow/files/pam.d/passwd      |  5 +++++
 recipes-extended/shadow/files/pam.d/remote      | 12 ++++++++++++
 recipes-extended/shadow/files/pam.d/shadow      |  7 +++++++
 recipes-extended/shadow/files/pam.d/su          |  8 ++++++++
 recipes-extended/shadow/files/pam.d/su-l        |  8 ++++++++
 recipes-extended/shadow/files/pam.d/useradd     |  6 ++++++
 recipes-extended/shadow/shadow_4.1.4.3.bbappend | 18 ++++++++++++++++++
 11 files changed, 98 insertions(+)
 create mode 100644 recipes-extended/shadow/files/pam.d/chage
 create mode 100644 recipes-extended/shadow/files/pam.d/chfn
 create mode 100644 recipes-extended/shadow/files/pam.d/chsh
 create mode 100644 recipes-extended/shadow/files/pam.d/login
 create mode 100644 recipes-extended/shadow/files/pam.d/passwd
 create mode 100644 recipes-extended/shadow/files/pam.d/remote
 create mode 100644 recipes-extended/shadow/files/pam.d/shadow
 create mode 100644 recipes-extended/shadow/files/pam.d/su
 create mode 100644 recipes-extended/shadow/files/pam.d/su-l
 create mode 100644 recipes-extended/shadow/files/pam.d/useradd
 create mode 100644 recipes-extended/shadow/shadow_4.1.4.3.bbappend

diff --git a/recipes-extended/shadow/files/pam.d/chage b/recipes-extended/shadow/files/pam.d/chage
new file mode 100644
index 0000000..bee48fa
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/chage
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth     sufficient	pam_rootok.so
+auth	 include	system-auth
+account	 include	system-auth
+password include	system-auth
+session	 include	system-auth
diff --git a/recipes-extended/shadow/files/pam.d/chfn b/recipes-extended/shadow/files/pam.d/chfn
new file mode 100644
index 0000000..59df52f
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/chfn
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# For chfn command
+auth     sufficient	pam_rootok.so
+auth     include        system-auth
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+
diff --git a/recipes-extended/shadow/files/pam.d/chsh b/recipes-extended/shadow/files/pam.d/chsh
new file mode 100644
index 0000000..2e54acc
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/chsh
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# For chsh command
+auth     sufficient	pam_rootok.so
+auth     include        system-auth
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+
diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login
new file mode 100644
index 0000000..7f83376
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/login
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth     requisite      pam_nologin.so
+auth            [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
+auth            include         system-auth
+account         required        pam_nologin.so
+account         include         system-auth
+password        include         system-auth
+
+session         include         system-auth
+session         required        pam_loginuid.so
+session         required        pam_namespace.so
+session         optional        pam_keyinit.so force revoke
diff --git a/recipes-extended/shadow/files/pam.d/passwd b/recipes-extended/shadow/files/pam.d/passwd
new file mode 100644
index 0000000..6d1bce6
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/passwd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth	 include	system-auth
+account  include	system-auth
+password include	system-auth
+session	 include	system-auth
diff --git a/recipes-extended/shadow/files/pam.d/remote b/recipes-extended/shadow/files/pam.d/remote
new file mode 100644
index 0000000..4786d56
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/remote
@@ -0,0 +1,12 @@
+#%PAM-1.0
+# This file is used by /bin/login in case of remote logins (means where
+# the -h option is used
+auth	 requisite	pam_nologin.so
+auth	 [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad]	pam_securetty.so
+auth	 include	system-auth
+account  include 	system-auth
+password include	system-auth
+session  required	pam_loginuid.so
+session	 include	system-auth
+session  optional       pam_lastlog.so nowtmp showfailed
+session  optional       pam_mail.so standard
diff --git a/recipes-extended/shadow/files/pam.d/shadow b/recipes-extended/shadow/files/pam.d/shadow
new file mode 100644
index 0000000..343efad
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/shadow
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth     sufficient	pam_rootok.so
+auth     required	pam_permit.so
+account  required	pam_permit.so
+#password required	pam_make.so	/var/yp
+password required	pam_permit.so
+session  required	pam_deny.so
diff --git a/recipes-extended/shadow/files/pam.d/su b/recipes-extended/shadow/files/pam.d/su
new file mode 100644
index 0000000..475f0a1
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/su
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth     sufficient     pam_rootok.so
+auth     include        system-auth
+account	 sufficient	pam_rootok.so
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+session  optional       pam_xauth.so
diff --git a/recipes-extended/shadow/files/pam.d/su-l b/recipes-extended/shadow/files/pam.d/su-l
new file mode 100644
index 0000000..475f0a1
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/su-l
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth     sufficient     pam_rootok.so
+auth     include        system-auth
+account	 sufficient	pam_rootok.so
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+session  optional       pam_xauth.so
diff --git a/recipes-extended/shadow/files/pam.d/useradd b/recipes-extended/shadow/files/pam.d/useradd
new file mode 100644
index 0000000..76c6c8a
--- /dev/null
+++ b/recipes-extended/shadow/files/pam.d/useradd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth     sufficient	pam_rootok.so
+auth     required	pam_permit.so
+account  required	pam_permit.so
+password required	pam_permit.so
+session  required	pam_permit.so
diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
new file mode 100644
index 0000000..77ad159
--- /dev/null
+++ b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
@@ -0,0 +1,18 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+
+# Additional Policy files for PAM from pwdutils
+PAM_SRC_URI = "file://pam.d/chage \
+               file://pam.d/chfn \
+               file://pam.d/chsh \
+               file://pam.d/passwd \
+               file://pam.d/shadow \
+               file://pam.d/useradd \
+              "
+
+# Additional Policy files for PAM from util-linux
+PAM_SRC_URI += "file://pam.d/login \
+                file://pam.d/remote \
+                file://pam.d/su \
+                file://pam.d/su-l \
+               "
-- 
2.7.4