From 2cc5de847cec6868408550b2973faaf1381f7834 Mon Sep 17 00:00:00 2001
From: Diego Elio 'Flameeyes' Pettenò
Date: Wed, 10 Mar 2010 01:29:35 +0100
Subject: Improve handling of services and the session chain. The system-services stack will now provide auth (always permitted) and account (use system-auth stack) chains, so that services like fcron can use it. Session handling is instead split out of system-auth and system-services into not a stack but an included file providing the session chain for both of them, this allows to edit a single file in pambase and provide the two session chains, that might very well be separated (indeed, services don't use pam_ssh).
---
system-auth.in | 16 ++--------------
system-services.in | 18 +++++-------------
system-session.inc | 13 +++++++++++++
3 files changed, 20 insertions(+), 27 deletions(-)
create mode 100644 system-session.inc
diff --git a/system-auth.in b/system-auth.in
index d8f525f..941d925 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -15,20 +15,8 @@ password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 D
 password required pam_passwdqc.so min=8,8,8,8,8 retry=3
 #endif
 password required pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
-
-#if HAVE_LIMITS
-session required pam_limits.so DEBUG
-#endif
-#if HAVE_ENV
-session required pam_env.so DEBUG
-#endif
-#if HAVE_MKTEMP
-session optional pam_mktemp.so
-#endif
+
 #if HAVE_PAM_SSH
 session optional pam_ssh.so
 #endif
-#if SUPPORT_UNIX_SESSION
-session required pam_unix.so DEBUG
-#endif
-session optional pam_permit.so
+#include "system-session.inc"
diff --git a/system-services.in b/system-services.in
index 9d4aea1..00b6e43 100644
--- a/system-services.in
+++ b/system-services.in
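Review bot: In the system-auth.in hunk, the `pam_ssh.so` session line now sits above `#include "system-session.inc"`, so it runs before pam_limits, pam_env and pam_mktemp, where the removed lines had it after them. If pam_ssh starts its agent at session open, that process would presumably be created before the resource limits and the private temporary directory are in place; this is inferred from the ordering, so please confirm it is intended. If it is not, the `#if HAVE_PAM_SSH` … `#endif` block can move below the `#include "system-session.inc"` line, which keeps pam_ssh after the limits/env/mktemp modules. Either way the chosen order deserves a sentence in the commit message, since the description only mentions the split and not the reordering.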
@@ -1,13 +1,5 @@
-#if HAVE_LIMITS
-session required pam_limits.so DEBUG
-#endif
-#if HAVE_ENV
-session required pam_env.so DEBUG
-#endif
-#if HAVE_MKTEMP
-session optional pam_mktemp.so
-#endif
-#if SUPPORT_UNIX_SESSION
-session required pam_unix.so DEBUG
-#endif
-session optional pam_permit.so
+auth sufficient pam_permit.so
+
+account include system-auth
+
+#include "system-session.inc"
diff --git a/system-session.inc b/system-session.inc
new file mode 100644
index 0000000..9d4aea1
--- /dev/null
+++ b/system-session.inc
@@ -0,0 +1,13 @@
+#if HAVE_LIMITS
+session required pam_limits.so DEBUG
+#endif
+#if HAVE_ENV
+session required pam_env.so DEBUG
+#endif
+#if HAVE_MKTEMP
+session optional pam_mktemp.so
+#endif
+#if SUPPORT_UNIX_SESSION
+session required pam_unix.so DEBUG
+#endif
+session optional pam_permit.so
-- 
cgit v1.2.3-65-gdbad
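Review bot: In the system-services.in hunk, `auth sufficient pam_permit.so` makes the auth chain succeed unconditionally, and nothing in the file tells a maintainer that this is the contract. If a service file pulls this stack in with `include`, a `sufficient` success is, as far as Linux-PAM documents `include`, evaluated as part of the including stack, so any auth module listed after the include would be skipped as well. I would record the restriction in the file or in pambase's documentation, in whatever comment form the preprocessing step passes through: `system-services: auth always succeeds; use only for services that never authenticate a user (cron-style jobs), never for login or network-facing services`. Access control for these services then rests entirely on `account include system-auth`, which is worth stating in the same comment.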