mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

linux-pam: 1.7.0

Browse source
This commit is contained in:
Vivek Kumar Dutta 2025-03-11 11:23:45 +05:30
parent a49407ad79
commit 2be4eeebb7
No known key found for this signature in database
GPG key ID: 4E09F5AD8265FD4C
2 changed files with 81 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
linux-pam/Makefile Normal file
View file

@ -0,0 +1,38 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=linux-pam
PKG_VERSION:=1.7.0
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux-pam/linux-pam.git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MIRROR_HASH:=skip
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/meson.mk
define Package/linux-pam
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Linux PAM Module
DEPENDS:=+libpam
endef
MESON_ARGS += \
-Dprefix=/usr \
-Ddefault_library=shared \
-Ddocs=disabled \
-Deconf=disabled \
-Dselinux=disabled \
-Dnis=disabled \
-Dexamples=false \
-Dxtests=false
define Package/linux-pam/install
$(INSTALL_DIR) $(1)/usr/lib/security
$(INSTALL_DIR) $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
endef
$(eval $(call BuildPackage,linux-pam))

43
linux-pam/files/pam_faillock.uci_default Normal file
View file

@ -0,0 +1,43 @@
#!/bin/sh
create_faillock_files()
{
# also create files needed by pam_faillock
touch /var/log/faillock
chmod 700 /var/log/faillock
touch /var/log/btmp
chmod 700 /var/log/btmp
}
update_pam_common_auth()
{
local file="/etc/pam.d/common-auth"
local deny=6
local unlock_time=300
# update pam_unix.so line
sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
# Insert pam_faillock lines before and after pam_unix.so
sed -i -E "/pam_unix.so nullok_secure/i auth required pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
sed -i -E "/pam_unix.so nullok_secure/a auth [default=die] pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
}
update_pam_common_account()
{
# update account file
sed -i "/pam_unix.so/ i account required pam_faillock.so" /etc/pam.d/common-account
}
if [ -f "/usr/lib/security/pam_faillock.so" ]; then
update_pam_common_auth
update_pam_common_account
create_faillock_files
fi
if [ -f /etc/config/sshd ]; then
uci -q set sshd.@sshd[0].UsePAM=1
uci commit sshd
fi
exit 0