From 2240a84adc93e5539ec7fec845369170a9568e54 Mon Sep 17 00:00:00 2001
From: Mohd Husaam Mehdi
Date: Wed, 23 Jul 2025 13:11:24 +0530
Subject: [PATCH] linux-pam: align with usermngr (move PAM setup to usermngr)
---
 linux-pam/Makefile | 4 +--
 linux-pam/files/pam_faillock.uci_default | 43 ------------------------
 linux-pam/linux_pam.init | 18 ++++++++++
 3 files changed, 20 insertions(+), 45 deletions(-)
 delete mode 100644 linux-pam/files/pam_faillock.uci_default
 create mode 100755 linux-pam/linux_pam.init
diff --git a/linux-pam/Makefile b/linux-pam/Makefile
index 3ab1fc956..79947366e 100644
--- a/linux-pam/Makefile
+++ b/linux-pam/Makefile
@@ -31,8 +31,8 @@ MESON_ARGS += \

 define Package/linux-pam/install
 $(INSTALL_DIR) $(1)/usr/lib/security
- $(INSTALL_DIR) $(1)/etc/uci-defaults/
- $(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./linux_pam.init $(1)/etc/init.d/linux_pam
 endef

 $(eval $(call BuildPackage,linux-pam))
diff --git a/linux-pam/files/pam_faillock.uci_default b/linux-pam/files/pam_faillock.uci_default
deleted file mode 100644
index 45af5dc45..000000000
--- a/linux-pam/files/pam_faillock.uci_default
+++ /dev/null
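Review bot: The install section of linux-pam/Makefile no longer ships `99-add_pam_faillock`, which was the only place visible in this patch that inserted the `pam_faillock.so` lines (deny=6, unlock_time=300) into /etc/pam.d/common-auth and set sshd `UsePAM=1`. Nothing in the hunk shows that linux-pam now pulls in usermngr, so an image built with linux-pam but without usermngr would presumably ship with no lockout on repeated failed logins. If the package's DEPENDS line (outside this hunk) does not already cover that, it should. Either way, a comment above the init-script install would record the split of responsibility, for example `# faillock policy and sshd UsePAM are configured by usermngr; this package only creates the tally files at boot`.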
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-create_faillock_files()
-{
- # also create files needed by pam_faillock
- touch /var/log/faillock
- chmod 700 /var/log/faillock
- touch /var/log/btmp
- chmod 700 /var/log/btmp
-}
-
-update_pam_common_auth()
-{
- local file="/etc/pam.d/common-auth"
- local deny=6
- local unlock_time=300
-
- # update pam_unix.so line
- sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
-
- # Insert pam_faillock lines before and after pam_unix.so
- sed -i -E "/pam_unix.so nullok_secure/i auth required pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
- sed -i -E "/pam_unix.so nullok_secure/a auth [default=die] pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
-}
-
-update_pam_common_account()
-{
- # update account file
- sed -i "/pam_unix.so/ i account required pam_faillock.so" /etc/pam.d/common-account
-}
-
-if [ -f "/usr/lib/security/pam_faillock.so" ]; then
- update_pam_common_auth
- update_pam_common_account
- create_faillock_files
-fi
-
-if [ -f /etc/config/sshd ]; then
- uci -q set sshd.@sshd[0].UsePAM=1
- uci commit sshd
-fi
-
-exit 0
diff --git a/linux-pam/linux_pam.init b/linux-pam/linux_pam.init
new file mode 100755
index 000000000..b55d5fca0
--- /dev/null
+++ b/linux-pam/linux_pam.init
@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+
+START=11
+STOP=90
+USE_PROCD=1
+
+create_faillock_files()
+{
+ # also create files needed by pam_faillock
+ touch /var/log/faillock
+ chmod 700 /var/log/faillock
+ touch /var/log/btmp
+ chmod 700 /var/log/btmp
+}
+
+boot() {
+ create_faillock_files
+}
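Review bot: In create_faillock_files of linux_pam.init, `touch` creates /var/log/faillock and /var/log/btmp under whatever umask the init process has, and only the following `chmod` narrows them, so the failed-login records can briefly exist with wider permissions. Mode 700 also sets an execute bit that a regular log file does not need. The function is carried over unchanged from the removed uci-defaults script, but it now runs on every boot, so it is worth tightening: put `umask 077` as the first line of the function and use `chmod 600` on both files. Separately, only `boot()` is overridden, so a plain `start` (for example after installing the package on a running system) presumably does nothing and the files appear only after the next reboot. If that is not intended, call the function from `start_service()` as well.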