jim.lai/OpenBMC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Your Name
2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
+39
View File
@@ -0,0 +1,39 @@
From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 1 Jul 2023 07:48:17 -0700
Subject: [PATCH] examples: Replace use of termio.h with termios.h
Fixes build with musl and makes it portable
Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
examples/tty_conv.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/examples/tty_conv.c b/examples/tty_conv.c
index 23f0684..db22500 100644
--- a/examples/tty_conv.c
+++ b/examples/tty_conv.c
@@ -6,7 +6,8 @@
#include <string.h>
#include <errno.h>
#include <unistd.h>
-#include <termio.h>
+#include <termios.h>
+#include <sys/ioctl.h>
#include <security/pam_appl.h>
/***************************************
@@ -16,7 +17,7 @@
***************************************/
static void echoOff(int fd, int off)
{
- struct termio tty;
+ struct termios tty;
if (ioctl(fd, TCGETA, &tty) < 0)
{
fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
--
2.41.0
poky/meta/recipes-extended/pam/libpam/99_pam
+1
View File
@@ -0,0 +1 @@
d root root 0755 /run/sepermit none
poky/meta/recipes-extended/pam/libpam/libpam-xtests.patch
+37
View File
@@ -0,0 +1,37 @@
This patch is used to create a new sub package libpam-xtests to do more checks.
Upstream-Status: Pending
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Index: Linux-PAM-1.3.0/xtests/Makefile.am
===================================================================
--- Linux-PAM-1.3.0.orig/xtests/Makefile.am
+++ Linux-PAM-1.3.0/xtests/Makefile.am
@@ -7,7 +7,7 @@ AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_src
LDADD = $(top_builddir)/libpam/libpam.la \
$(top_builddir)/libpam_misc/libpam_misc.la
-CLEANFILES = *~ $(XTESTS)
+CLEANFILES = *~
EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
@@ -51,3 +51,18 @@ EXTRA_PROGRAMS = $(XTESTS)
xtests: $(XTESTS) run-xtests.sh
"$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
+
+all: $(XTESTS)
+
+install: install_xtests
+
+install_xtests:
+ $(INSTALL) -d $(DESTDIR)$(pkgdatadir)/xtests
+ for file in $(EXTRA_DIST) ; do \
+ $(INSTALL) $(srcdir)/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
+ done
+ for file in $(XTESTS); do \
+ $(INSTALL) .libs/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
+ done
+
+.PHONY: all install_xtests
poky/meta/recipes-extended/pam/libpam/pam-volatiles.conf
+1
View File
@@ -0,0 +1 @@
d /run/sepermit 0755 root root - -
poky/meta/recipes-extended/pam/libpam/pam.d/common-account
+25
View File
@@ -0,0 +1,25 @@
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
#
# here are the per-package modules (the "Primary" block)
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
poky/meta/recipes-extended/pam/libpam/pam.d/common-auth
+18
View File
@@ -0,0 +1,18 @@
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
poky/meta/recipes-extended/pam/libpam/pam.d/common-password
+23
View File
@@ -0,0 +1,23 @@
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.
# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords. Without this option,
# the default is Unix crypt. Prior releases used the option "md5".
#
# See the pam_unix manpage for other options.
# here are the per-package modules (the "Primary" block)
password [success=1 default=ignore] pam_unix.so sha512
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
poky/meta/recipes-extended/pam/libpam/pam.d/common-session
+19
View File
@@ -0,0 +1,19 @@
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
poky/meta/recipes-extended/pam/libpam/pam.d/common-session-noninteractive
+19
View File
@@ -0,0 +1,19 @@
#
# /etc/pam.d/common-session-noninteractive - session-related modules
# common to all non-interactive services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of all non-interactive sessions.
#
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
poky/meta/recipes-extended/pam/libpam/pam.d/other
+24
View File
@@ -0,0 +1,24 @@
#
# /etc/pam.d/other - specify the PAM fallback behaviour
#
# Note that this file is used for any unspecified service; for example
#if /etc/pam.d/cron specifies no session modules but cron calls
#pam_open_session, the session module out of /etc/pam.d/other is
#used.
# We use pam_warn.so to generate syslog notes that the 'other'
#fallback rules are being used (as a hint to suggest you should setup
#specific PAM rules for the service and aid to debugging). Then to be
#secure, deny access to all services by default.
auth required pam_warn.so
auth required pam_deny.so
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
poky/meta/recipes-extended/pam/libpam/run-ptest
+32
View File
@@ -0,0 +1,32 @@
#! /bin/sh
cd tests
export srcdir=.
failed=0
all=0
for f in tst-*; do
"./$f" > /dev/null 2>&1
case "$?" in
0)
echo "PASS: $f"
all=$((all + 1))
;;
77)
echo "SKIP: $f"
;;
*)
echo "FAIL: $f"
failed=$((failed + 1))
all=$((all + 1))
;;
esac
done
if [ "$failed" -eq 0 ] ; then
echo "All $all tests passed"
else
echo "$failed of $all tests failed"
fi
unset srcdir
poky/meta/recipes-extended/pam/libpam_1.5.3.bb
+185
View File
@@ -0,0 +1,185 @@
DISABLE_STATIC = ""
SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
HOMEPAGE = "https://fedorahosted.org/linux-pam/"
BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
SECTION = "base"
# PAM is dual licensed under GPL and BSD.
# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
LICENSE = "GPL-2.0-or-later | BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
file://99_pam \
file://pam.d/common-account \
file://pam.d/common-auth \
file://pam.d/common-password \
file://pam.d/common-session \
file://pam.d/common-session-noninteractive \
file://pam.d/other \
file://libpam-xtests.patch \
file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \
file://run-ptest \
file://pam-volatiles.conf \
"
SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
EXTRA_OECONF = "--includedir=${includedir}/security \
--libdir=${base_libdir} \
--with-systemdunitdir=${systemd_system_unitdir} \
--disable-nis \
--disable-regenerate-docu \
--disable-doc \
--disable-prelude"
CFLAGS:append = " -fPIC "
S = "${WORKDIR}/Linux-PAM-${PV}"
inherit autotools gettext pkgconfig systemd ptest github-releases
PACKAGECONFIG ??= ""
PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
PACKAGES += "${PN}-runtime ${PN}-xtests"
FILES:${PN} = "${base_libdir}/lib*${SOLIBS}"
FILES:${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}"
FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
def get_multilib_bit(d):
baselib = d.getVar('baselib') or ''
return baselib.replace('lib', '')
libpam_suffix = "suffix${@get_multilib_bit(d)}"
RPROVIDES:${PN} += "${PN}-${libpam_suffix}"
RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}"
RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \
${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
"
RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \
${MLPREFIX}pam-plugin-access-${libpam_suffix} \
${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
${MLPREFIX}pam-plugin-time-${libpam_suffix} \
bash coreutils"
# FIXME: Native suffix breaks here, disable it for now
RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}"
RRECOMMENDS:${PN}:class-native = ""
python populate_packages:prepend () {
def pam_plugin_hook(file, pkg, pattern, format, basename):
pn = d.getVar('PN')
libpam_suffix = d.getVar('libpam_suffix')
rdeps = d.getVar('RDEPENDS:' + pkg)
if rdeps:
rdeps = rdeps + " " + pn + "-" + libpam_suffix
else:
rdeps = pn + "-" + libpam_suffix
d.setVar('RDEPENDS:' + pkg, rdeps)
provides = d.getVar('RPROVIDES:' + pkg)
if provides:
provides = provides + " " + pkg + "-" + libpam_suffix
else:
provides = pkg + "-" + libpam_suffix
d.setVar('RPROVIDES:' + pkg, provides)
mlprefix = d.getVar('MLPREFIX') or ''
dvar = d.expand('${WORKDIR}/package')
pam_libdir = d.expand('${base_libdir}/security')
pam_sbindir = d.expand('${sbindir}')
pam_filterdir = d.expand('${base_libdir}/security/pam_filter')
pam_pkgname = mlprefix + 'pam-plugin%s'
do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='')
do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
}
do_compile_ptest() {
cd tests
sed -i -e 's/$(MAKE) $(AM_MAKEFLAGS) check-TESTS//' Makefile
oe_runmake check-am
cd -
}
do_install() {
autotools_do_install
# don't install /var/run when populating rootfs. Do it through volatile
rm -rf ${D}${localstatedir}
if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
rm -rf ${D}${sysconfdir}/init.d/
rm -rf ${D}${sysconfdir}/rc*
install -d ${D}${sysconfdir}/tmpfiles.d
install -m 0644 ${WORKDIR}/pam-volatiles.conf \
${D}${sysconfdir}/tmpfiles.d/pam.conf
else
install -d ${D}${sysconfdir}/default/volatiles
install -m 0644 ${WORKDIR}/99_pam \
${D}${sysconfdir}/default/volatiles/
fi
install -d ${D}${sysconfdir}/pam.d/
install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
# The lsb requires unix_chkpwd has setuid permission
chmod 4755 ${D}${sbindir}/unix_chkpwd
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
fi
if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then
install -d ${D}/${libdir}/
mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}/
fi
}
do_install_ptest() {
if [ ${PTEST_ENABLED} = "1" ]; then
mkdir -p ${D}${PTEST_PATH}/tests
install -m 0755 ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests
install -m 0644 ${S}/tests/confdir ${D}${PTEST_PATH}/tests
fi
}
pkg_postinst:${PN}() {
if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
/etc/init.d/populate-volatile.sh update
fi
}
inherit features_check
REQUIRED_DISTRO_FEATURES = "pam"
BBCLASSEXTEND = "nativesdk native"
CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session"
CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth"
CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password"
CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account"
CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf"
GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases"
CVE_PRODUCT = "linux-pam"