From eeacb333a33d50034c1ace1bb293a9a04d76e617 Mon Sep 17 00:00:00 2001 From: James Knight Date: Fri, 19 Jun 2015 13:19:12 -0400 Subject: [PATCH] sudo: add optional pam support Configure the sudo utility to support PAM if the framework is enabled. [Peter: use install -D, reword commit message] Signed-off-by: James Knight Signed-off-by: Peter Korsgaard --- package/sudo/sudo.mk | 13 ++++++++++++- package/sudo/sudo.pam | 12 ++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 package/sudo/sudo.pam diff --git a/package/sudo/sudo.mk b/package/sudo/sudo.mk index a1a83289f6..10fbc88b34 100644 --- a/package/sudo/sudo.mk +++ b/package/sudo/sudo.mk @@ -16,9 +16,20 @@ SUDO_CONF_OPTS = \ --without-umask \ --with-logging=syslog \ --without-interfaces \ - --without-pam \ --with-env-editor +ifeq ($(BR2_PACKAGE_LINUX_PAM),y) +define SUDO_INSTALL_PAM_CONF + $(INSTALL) -D -m 0644 package/sudo/sudo.pam $(TARGET_DIR)/etc/pam.d/sudo +endef + +SUDO_DEPENDENCIES += linux-pam +SUDO_CONF_OPTS += --with-pam +SUDO_POST_INSTALL_TARGET_HOOKS += SUDO_INSTALL_PAM_CONF +else +SUDO_CONF_OPTS += --without-pam +endif + # mksigname/mksiglist needs to run on build host to generate source files define SUDO_BUILD_MKSIGNAME_MKSIGLIST_HOST $(MAKE) $(HOST_CONFIGURE_OPTS) \ diff --git a/package/sudo/sudo.pam b/package/sudo/sudo.pam new file mode 100644 index 0000000000..c6e6f20a08 --- /dev/null +++ b/package/sudo/sudo.pam @@ -0,0 +1,12 @@ +auth sufficient pam_rootok.so +auth required pam_wheel.so use_uid +auth required pam_env.so +auth required pam_unix.so nullok + +account required pam_unix.so + +password required pam_unix.so nullok + +session required pam_limits.so +session required pam_env.so +session required pam_unix.so