From: franklahm Date: Mon, 23 Nov 2009 18:29:50 +0000 (+0000) Subject: Install better PAM config file X-Git-Tag: branch-symlink-start~101 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=commitdiff_plain;h=280924e2393a58d39e60e5f38ed16cf9374f92b3;ds=sidebyside Install better PAM config file --- diff --git a/NEWS b/NEWS index 4c99d4c7..24bab25f 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,7 @@ Changes in 2.1 is deleted or corrupted. It can be disabled with a new volume option "nocnidcache". * NEW: afpd: IPv6 support +* UPD: afpd: try to install PAM config that pulls in system|common auth Changes in 2.0.5 ================ diff --git a/config/Makefile.am b/config/Makefile.am index 0199c4a7..4fbf3441 100644 --- a/config/Makefile.am +++ b/config/Makefile.am @@ -1,15 +1,16 @@ ## Makefile.am for config/ +SUBDIRS = pam + SUFFIXES = .tmpl . GENFILES = afpd.conf AppleVolumes.default TMPLFILES = afpd.conf.tmpl AppleVolumes.default.tmpl CONFFILES = AppleVolumes.system \ atalkd.conf netatalk.conf papd.conf -PAMFILES = netatalk.pamd OVERWRITE_CONFIG = @OVERWRITE_CONFIG@ -EXTRA_DIST = $(CONFFILES) $(TMPLFILES) $(PAMFILES) +EXTRA_DIST = $(CONFFILES) $(TMPLFILES) CLEANFILES = $(GENFILES) @@ -103,40 +104,3 @@ install-webmin: bootscript=netamin \ ./setup.sh > /dev/null; \ fi - -# -# pluggable authentication modules support -# - -if USE_PAM - -pamdir = @PAMDIR@/etc/pam.d - -install-data-local: install-config-files install-webmin $(PAMFILES) - $(mkinstalldirs) $(DESTDIR)$(pamdir) - if test "x$(OVERWRITE_CONFIG)" = "xyes" -o ! -f $(DESTDIR)$(pamdir)/netatalk; then \ - echo "$(INSTALL_DATA) $$f $(DESTDIR)$(pamdir)/netatalk"; \ - $(INSTALL_DATA) netatalk.pamd $(DESTDIR)$(pamdir)/netatalk || echo "WARNING: Can't install PAM files"; \ - else \ - echo "not overwriting $(DESTDIR)$(pamdir)/netatalk"; \ - fi; - -uninstall-local: - echo rm -f $(DESTDIR)$(pamdir)/netatalk; \ - rm -f $(DESTDIR)$(pamdir)/netatalk; \ - for f in $(CONFFILES) $(GENFILES); do \ - echo rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ - rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ - done - -else - -install-data-local: install-config-files install-webmin - -uninstall-local: - for f in $(CONFFILES) $(GENFILES); do \ - echo rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ - rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ - done - -endif diff --git a/config/netatalk.pamd b/config/netatalk.pamd deleted file mode 100644 index 21981c67..00000000 --- a/config/netatalk.pamd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth required pam_unix.so -account required pam_unix.so -#password required pam_cracklib.so -#password required pam_unix.so use_authtok -session required pam_unix.so diff --git a/config/pam/.cvsignore b/config/pam/.cvsignore new file mode 100644 index 00000000..ff906efa --- /dev/null +++ b/config/pam/.cvsignore @@ -0,0 +1,3 @@ +Makefile +Makefile.in +netatalk.pam \ No newline at end of file diff --git a/config/pam/Makefile.am b/config/pam/Makefile.am new file mode 100644 index 00000000..fd96fccf --- /dev/null +++ b/config/pam/Makefile.am @@ -0,0 +1,34 @@ +## Makefile for distrib/pam/ + +SUFFIXES = .tmpl . +pamdir = @PAMDIR@/etc/pam.d +EXTRA_DIST = netatalk.pam.tmpl +noinst_SCRIPTS = netatalk.pam +CLEANFILES = netatalk.pam + +.tmpl: + sed -e "s,[@]PAM_DIRECTIVE[@],${PAM_DIRECTIVE},g" \ + -e "s,[@]PAM_AUTH[@],${PAM_AUTH}," \ + -e "s,[@]PAM_ACCOUNT[@],${PAM_ACCOUNT}," \ + -e "s,[@]PAM_PASSWORD[@],${PAM_PASSWORD}," \ + -e "s,[@]PAM_SESSION[@],${PAM_SESSION}," \ + <$< >$@ + +if USE_PAM +install-data-local: netatalk.pam + $(mkinstalldirs) $(DESTDIR)$(pamdir) + if test "x$(OVERWRITE_CONFIG)" = "xyes" -o ! -f $(DESTDIR)$(pamdir)/netatalk; then \ + echo "$(INSTALL_DATA) $$f $(DESTDIR)$(pamdir)/netatalk"; \ + $(INSTALL_DATA) netatalk.pam $(DESTDIR)$(pamdir)/netatalk || echo "WARNING: Can't install PAM files"; \ + else \ + echo "not overwriting $(DESTDIR)$(pamdir)/netatalk"; \ + fi; + +uninstall-local: + echo rm -f $(DESTDIR)$(pamdir)/netatalk; \ + rm -f $(DESTDIR)$(pamdir)/netatalk; \ + for f in $(CONFFILES) $(GENFILES); do \ + echo rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ + rm -f $(DESTDIR)$(pkgconfdir)/$$f; \ + done +endif diff --git a/config/pam/netatalk.pam.tmpl b/config/pam/netatalk.pam.tmpl new file mode 100644 index 00000000..1eceba37 --- /dev/null +++ b/config/pam/netatalk.pam.tmpl @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth @PAM_DIRECTIVE@ @PAM_AUTH@ +account @PAM_DIRECTIVE@ @PAM_ACCOUNT@ +password @PAM_DIRECTIVE@ @PAM_PASSWORD@ +session @PAM_DIRECTIVE@ @PAM_SESSION@ diff --git a/configure.in b/configure.in index 25ccb4de..a8fe014d 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -dnl $Id: configure.in,v 1.229 2009-11-23 10:20:15 franklahm Exp $ +dnl $Id: configure.in,v 1.230 2009-11-23 18:29:50 franklahm Exp $ dnl configure.in for netatalk AC_INIT(etc/afpd/main.c) @@ -1200,6 +1200,7 @@ AC_OUTPUT([Makefile bin/psorder/Makefile bin/uniconv/Makefile config/Makefile + config/pam/Makefile contrib/Makefile contrib/acltests/Makefile contrib/macusers/Makefile diff --git a/macros/pam-check.m4 b/macros/pam-check.m4 index ac4ffc60..f900cd45 100644 --- a/macros/pam-check.m4 +++ b/macros/pam-check.m4 @@ -1,4 +1,4 @@ -dnl $Id: pam-check.m4,v 1.3 2005-04-28 20:50:05 bfernhomberg Exp $ +dnl $Id: pam-check.m4,v 1.4 2009-11-23 18:29:50 franklahm Exp $ dnl PAM finding macro AC_DEFUN([AC_PATH_PAM], [ @@ -72,6 +72,37 @@ AC_DEFUN([AC_PATH_PAM], [ if test x"$pam_found" = "xyes" -a "x$PAMDIR" = "xNONE"; then AC_MSG_WARN([PAM support can be compiled, but the install location for the netatalk.pamd file could not be determined. Either install this file by hand or specify the install path.]) netatalk_cv_install_pam=no + else + dnl Check for some system|common auth file + AC_MSG_CHECKING([for includable common PAM config]) + pampath="${PAMDIR}etc/pam.d" + dnl Debian/SuSE + if test -f "$pampath/common-auth" ; then + PAM_DIRECTIVE=include + PAM_AUTH=common-auth + PAM_ACCOUNT=common-account + PAM_PASSWORD=common-password + PAM_SESSION=common-session + dnl RHEL/FC + elif test -f "$pampath/system-auth" ; then + PAM_DIRECTIVE=include + PAM_AUTH=system-auth + PAM_ACCOUNT=system-auth + PAM_PASSWORD=system-auth + PAM_SESSION=system-auth + else + PAM_DIRECTIVE=required + PAM_AUTH=pam_unix.so + PAM_ACCOUNT=pam_unix.so + PAM_PASSWORD="pam_unix.so use_authtok" + PAM_SESSION=pam_unix.so + fi + + if test "x$PAM_DIRECTIVE" != "xrequired" ; then + AC_MSG_RESULT([yes ($PAM_DIRECTIVE $PAM_AUTH)]) + else + AC_MSG_RESULT([no (using defaut pam_unix.so)]) + fi fi AC_MSG_CHECKING([whether to enable PAM support]) @@ -92,4 +123,9 @@ AC_DEFUN([AC_PATH_PAM], [ AC_SUBST(PAMDIR) AC_SUBST(PAM_CFLAGS) AC_SUBST(PAM_LIBS) + AC_SUBST(PAM_DIRECTIVE) + AC_SUBST(PAM_AUTH) + AC_SUBST(PAM_ACCOUNT) + AC_SUBST(PAM_PASSWORD) + AC_SUBST(PAM_SESSION) ])