From: Duncan Overbruck
Date: Thu, 28 Jan 2021 23:00:23 +0000 (+0100)
Subject: remove pam.d configuration files
X-Git-Tag: v6.9~9
X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=cfa9f0d3b306d6c1287ec4f2aa42be29de66c9de
remove pam.d configuration files
pam configuration files are not portable, its the job of the package maintainer or user who builds opendoas themselves to configure pam in a safe and usable way.
---
diff --git a/GNUmakefile b/GNUmakefile
index 9470202..2eef88e 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -15,16 +15,13 @@ OBJS:= ${OBJS:.c=.o}
 ${PROG}: ${OBJS}
 ${CC} ${CFLAGS} $^ -o $@ ${LDFLAGS} ${LDLIBS}
-install: ${PROG} ${PAM_DOAS} ${MAN}
+install: ${PROG} ${MAN}
 mkdir -p -m 0755 ${DESTDIR}${BINDIR}
- [ -n "${PAM_DOAS}" ] && mkdir -p -m 0755 ${DESTDIR}${PAMDIR} || true
 mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man1
 mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man5
 cp -f ${PROG} ${DESTDIR}${BINDIR}
 chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG}
 chmod ${BINMODE} ${DESTDIR}${BINDIR}/${PROG}
- [ -n "${PAM_DOAS}" ] && cp ${PAM_DOAS} ${DESTDIR}${PAMDIR}/doas || true
- [ -n "${PAM_DOAS}" ] && chmod 0644 ${DESTDIR}${PAMDIR}/doas || true
 cp -f doas.1 ${DESTDIR}${MANDIR}/man1
 cp -f doas.conf.5 ${DESTDIR}${MANDIR}/man5
diff --git a/README.md b/README.md
index 20ef9f2..3498f1c 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,18 @@ from openssh (`readpassphrase.c`) or from sudo (`closefrom.c`).
 The PAM and shadow authentication code does not come from the OpenBSD project.
+### pam configuration
+
+I will not ship pam configuration files, they are distribution specific and
+its simply not safe or productive to ship and install those files.
+
+If you want to use opendoas on your system and there is no package that
+ships with a working pam configuration file, then you have to write and
+test it yourself.
+
+A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
+file.
+
 ### Perist/Timestamp/Timeout
 The persist feature is disabled by default and can be enabled with the configure
diff --git a/configure b/configure
index 1c5d989..1f92f01 100755
--- a/configure
+++ b/configure
@@ -15,7 +15,6 @@ usage: configure [options]
 --datadir=DIR architecture-independent data files [PREFIX/share]
 --mandir=DIR manual pages [DATADIR/man]
 --sysconfdir=DIR directory for configuration files [/etc]
- --pamdir=DIR PAM directory [SYSCONFDIR/pam.d]
 --build=build-alias a cpu-vendor-opsys for the system where the application will be built
 --host=host-alias a cpu-vendor-opsys for the system where the application will run
@@ -52,7 +51,6 @@ for x; do
 --datadir) SHAREDIR=$var ;;
 --mandir) MANDIR=$var ;;
 --sysconfdir) SYSCONFDIR=$var ;;
- --pamdir) PAMDIR=$var ;;
 --build) BUILD=$var ;;
 --host) HOST=$var ;;
 --target) TARGET=$var ;;
@@ -134,7 +132,6 @@ esac
 : ${SHAREDIR:=${PREFIX}/share}
 : ${MANDIR:=${SHAREDIR}/man}
 : ${SYSCONFDIR:=/etc}
-: ${PAMDIR:=${SYSCONFDIR}/pam.d}
 : ${BINMODE:=4755}
 : ${BINOWN:=root}
 : ${BINGRP:=root}
@@ -146,7 +143,6 @@ BINDIR ?= ${BINDIR}
 SHAREDIR ?= ${SHAREDIR}
 MANDIR ?= ${MANDIR}
 SYSCONFDIR?= ${SYSCONFDIR}
-PAMDIR ?= ${PAMDIR}
 BINMODE ?= ${BINMODE}
 BINOWN ?= ${BINOWN}
 BINGRP ?= ${BINGRP}
@@ -203,9 +199,6 @@ int main(void) {
 printf 'LDLIBS += -lpam\n' >>$CONFIG_MK
 printf '#define USE_PAM\n' >>$CONFIG_H
 printf 'pam\n'
-
- pam_file="pam.d__doas__${OS}"
- [ -e "$pam_file" ] && printf 'PAM_DOAS = %s\n' "$pam_file" >>$CONFIG_MK
 return 0
 }
diff --git a/pam.d__doas__darwin b/pam.d__doas__darwin
deleted file mode 100644
index 87551fb..0000000
--- a/pam.d__doas__darwin
+++ /dev/null
@@ -1,5 +0,0 @@
-# sudo: auth account password session
-auth required pam_opendirectory.so
-account required pam_permit.so
-password required pam_deny.so
-session required pam_permit.so
diff --git a/pam.d__doas__linux b/pam.d__doas__linux
deleted file mode 100644
index 98707ef..0000000
--- a/pam.d__doas__linux
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth include system-auth
-account include system-auth
-session include system-auth
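Review bot: In configure's PAM branch (hunk `@@ -203,9 +199,6 @@`), the new code still writes `#define USE_PAM` and `LDLIBS += -lpam` but no longer gives the person building any sign that a service file now has to be supplied by hand. The removed GNUmakefile lines installed that file as `${PAMDIR}/doas`, and the binary is still installed with the default `BINMODE` of 4755, so a PAM build is left relying on whatever policy the system applies to a service without its own file (on Linux-PAM that is normally the `other` service, which should be confirmed to deny). I would add one line after `printf 'pam\n'`, for example `printf 'note: no PAM service file is installed, create one for the doas service before use\n' >&2`. The enclosing shell function starts outside the hunk.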