authorDiego 'Flameeyes' Pettenò <flameeyes@gmail.com>2008-02-19 02:40:55 +0100
committerDiego 'Flameeyes' Pettenò <flameeyes@gmail.com>2008-02-19 02:40:55 +0100
commit5b1587950fe5eacfa76507dc57fca8a008e4061b (patch)
treecb2ba1afe3f05fb8300e9fd3b9035abaf12eff83
Initial import of pambase package.
-rw-r--r--.gitignore2
-rw-r--r--Makefile26
-rw-r--r--README8
-rw-r--r--basic-conf20
-rw-r--r--linux-pam-conf8
-rw-r--r--openpam-conf3
-rw-r--r--system-auth.in22
-rw-r--r--system-login.in23
8 files changed, 112 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d67404b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+system-auth
+system-login
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..652b6d7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,26 @@
+# Reset this to 'cpp' so it gets traditional syntax; cc -E will not work
+# properly.
+CPP=cpp
+
+# The pam.d file to create
+PAMD=system-auth system-login
+
+# Get this by default, even if I'd like avoid it...
+ifeq "$(IMPLEMENTATION)" ""
+IMPLEMENTATION=linux-pam
+endif
+
+PAMFLAGS = -include $(IMPLEMENTATION)-conf -include basic-conf
+
+ifeq "$(CRACKLIB)" "yes"
+PAMFLAGS += -DHAVE_CRACKLIB=1
+endif
+
+all: $(PAMD)
+
+$(PAMD): %: %.in
+ $(CPP) -traditional-cpp -P $(PAMFLAGS) $< -o $@
+ sed -i -e '/^$$/d' -e '/^\/\//d' $@
+
+clean:
+ rm -f $(PAMD) *~
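Review bot: The static pattern rule `$(PAMD): %: %.in` lists only the `.in` template as a prerequisite, although the generated file also depends on the two files pulled in through `PAMFLAGS`. After an edit to `basic-conf` or to the selected `$(IMPLEMENTATION)-conf`, make still treats `system-auth` and `system-login` as up to date, so a stale PAM policy can end up packaged. I would write the header as `$(PAMD): %: %.in $(IMPLEMENTATION)-conf basic-conf`; `$<` stays the template. A change of `IMPLEMENTATION` or `CRACKLIB` on the command line is still untracked, so `make clean` is needed between configurations. Adding `.DELETE_ON_ERROR:` and `.PHONY: all clean` would also stop an unfiltered target from surviving a failed `sed -i` step.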
diff --git a/README b/README
new file mode 100644
index 0000000..20f2e5e
--- /dev/null
+++ b/README
@@ -0,0 +1,8 @@
+This repository contains the PAM configuration base for Gentoo Linux
+and Gentoo FreeBSD, this mostly means the system-auth and system-login
+configuration file that provides the basic support for generical
+authentication for services, and console login (on tty or on various
+desktop managers).
+
+The Makefile manages the choice of optional features that will be
+enabled in the final file.
diff --git a/basic-conf b/basic-conf
new file mode 100644
index 0000000..c7110eb
--- /dev/null
+++ b/basic-conf
@@ -0,0 +1,20 @@
+// Only use_authtok (authentication token) when using cracklib or some other module
+// that checks for passwords.
+#if defined(HAVE_CRACKLIB)
+# define AUTHTOK use_authtok
+#else
+# define AUTHTOK
+#endif
+
+// Define DEBUG to an empty string unless it was required by the user
+#ifndef DEBUG
+#define DEBUG
+#endif
+
+#ifndef UNIX_EXTENDED_ENCRYPTION
+#define UNIX_EXTENDED_ENCRYPTION
+#endif
+
+#ifndef LIKEAUTH
+#define LIKEAUTH
+#endif
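Review bot: The `#if defined(HAVE_CRACKLIB)` test at the top does not agree with `system-auth.in`, which tests the value with `#if HAVE_CRACKLIB`. If the macro is ever defined as 0 (for example through a hand-set `PAMFLAGS`), `AUTHTOK` expands to `use_authtok` while the pam_cracklib line is left out, so pam_unix would be told to reuse a token that no earlier module has set. I would test the value here as well, `#if HAVE_CRACKLIB`, and do the same in `openpam-conf`. The Makefile in this commit only ever passes `-DHAVE_CRACKLIB=1`, so this is a latent inconsistency, not a failure of the default build.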
diff --git a/linux-pam-conf b/linux-pam-conf
new file mode 100644
index 0000000..095e4de
--- /dev/null
+++ b/linux-pam-conf
@@ -0,0 +1,8 @@
+#define HAVE_LIMITS 1
+#define HAVE_ENV 1
+#define HAVE_TALLY 1
+#define HAVE_ACCESS 1
+
+#define UNIX_EXTENDED_ENCRYPTION md5 shadow
+
+#define LIKEAUTH likeauth
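Review bot: `UNIX_EXTENDED_ENCRYPTION` is defined unconditionally as `md5 shadow`, so every password set through `system-auth` is stored as md5-crypt and a builder cannot choose a stronger scheme without editing this file. The `#ifndef` guard in `basic-conf` does not help, because that file is included after this one. I would guard the definition as `#ifndef UNIX_EXTENDED_ENCRYPTION` / `#define UNIX_EXTENDED_ENCRYPTION md5 shadow` / `#endif`, so a value passed with `-D` takes effect, for instance `sha512 shadow` where the installed Linux-PAM supports it. A one-line `//` comment explaining why md5 is the default would also help the next reader.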
diff --git a/openpam-conf b/openpam-conf
new file mode 100644
index 0000000..d01f7f1
--- /dev/null
+++ b/openpam-conf
@@ -0,0 +1,3 @@
+#if defined(HAVE_CRACKLIB)
+# error "pam_cracklib is only supported with Linux-PAM"
+#endif
diff --git a/system-auth.in b/system-auth.in
new file mode 100644
index 0000000..297e681
--- /dev/null
+++ b/system-auth.in
@@ -0,0 +1,22 @@
+#if HAVE_ENV
+auth required pam_env.so DEBUG
+#endif
+auth sufficient pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
+auth required pam_deny.so
+
+account required pam_unix.so DEBUG
+
+#if HAVE_CRACKLIB
+password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3 DEBUG
+#endif
+password sufficient pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+password required pam_deny.so
+
+#if HAVE_LIMITS
+session required pam_limits.so DEBUG
+#endif
+#if HAVE_ENV
+session required pam_env.so DEBUG
+#endif
+session required pam_unix.so DEBUG
+
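Review bot: `nullok` is hard-coded on both pam_unix lines, so every service that includes `system-auth` accepts an account whose password field is empty, including services reachable over the network. The other optional arguments (`LIKEAUTH`, `AUTHTOK`, `DEBUG`) already go through macros. I would do the same here with a `NULLOK` macro that `basic-conf` defaults to `nullok`, so a hardened build can define it empty. Separately, on the pam_cracklib line the positive `dcredit=2 ocredit=2` values are credits, so a password shorter than eight characters can still satisfy `minlen=8`; a `//` comment stating that this is intended would avoid surprises.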
diff --git a/system-login.in b/system-login.in
new file mode 100644
index 0000000..257c3eb
--- /dev/null
+++ b/system-login.in
@@ -0,0 +1,23 @@
+#if HAVE_TALLY
+auth required pam_tally.so file=/var/log/faillog onerr=succeed DEBUG
+#endif
+auth required pam_shells.so DEBUG
+auth required pam_nologin.so DEBUG
+auth include system-auth
+
+#if HAVE_ACCESS
+account required pam_access.so DEBUG
+#endif
+account include system-auth
+#if HAVE_TALLY
+account required pam_tally.so file=/var/log/faillog onerr=succeed DEBUG
+#endif
+
+password include system-auth
+
+#if HAVE_ENV
+session required pam_env.so DEBUG
+#endif
+session optional pam_lastlog.so DEBUG
+session include system-auth
+
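Review bot: Both pam_tally lines are configured without a `deny=` value and with `onerr=succeed`, so as written the module records failed logins in `/var/log/faillog` but never refuses one, and it fails open if the file cannot be read. That may be intended as accounting only, but nothing in the template says so, and an administrator could read the line as lockout protection. I would state the intent in the template, e.g. `// pam_tally only counts failures here: no deny= is set and onerr=succeed fails open`; the Makefile's sed step strips `//` lines, so the comment does not reach the generated file. If lockout is wanted, a macro for the extra arguments would let builders add `deny=` without patching the template.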