Sergei Trofimovich
60e0187471
pam: fix pam_unix autohentication failures when ran as user
...
Commit d0c42dfa
"pam: bind Linux-PAM locales from pam-specific folder
(upstream patch)" added autoreconfHook269 into one of the postPatch
phases.
This clobbered the change applied by `suid-wrapper-path.patch` as it was
patching Makefile.in.
As a result `nixosTests.sway` test started failing as:
check pass; user unknown
Running `swaylock` on real system exhibited the same result.
As `suid-wrapper-path.patch` is clobbered we were running non-suid
version of `unix_chkpwd`:
/nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd
instead of SUID-wrapped
/run/wrappers/bin/unix_chkpw
The fix is trivial: move the patch from auto-generated file to
`Makefile.am`.
Discovered-by: Yureka
2023-11-11 09:54:04 +00:00
Sergei Trofimovich
d0c42dfaa7
pam: bind Linux-PAM locales from pam-specific folder (upstream patch)
...
Without the change `pam` packa looks up locales already registered via
`bindtextdomain()`:
- shadow: /nix/store/ymcln55n92xm25sk2pipqbcp5xghwc3j-shadow-4.13/share/locale/
- glibc: /nix/store/ibp4camsx1mlllwzh32yyqcq2r2xsy1a-glibc-2.37-8/share/locale
Note that there is no `pam` pne in the list.
The change adds extra lookup location:
- linux-pam: /nix/store/k1lvsb3vyw2ijk9naamnay5nwc4mibda-linux-pam-1.5.2/share/locale
Before the change:
$ LANGUAGE=fi su
Password:
su: Authentication failure
After the change:
$ LANGUAGE=fi ./result-su/bin/su
Salasana:
su: Tunnistautumisvirhe
2023-09-01 14:10:05 +01:00
s1341
f15f947cf5
pam: add sssd-ldap as a pam test
2023-05-09 18:13:45 +03:00
Martin Weinelt
909f394f28
pam: Make libxcrypt a non-optional dependency
...
Our PAM configuration now defaults to yescrypt, which requires
libxcrypt.
2023-03-13 07:54:27 +01:00
Franz Pletz
5df544acc2
pam: enable libxcrypt by default
2022-10-09 18:09:40 +02:00
Ryan Burns
eeae457c3b
pam: fix cross-compilation from darwin
...
audit requires running linux-specific code during the build,
so it cannot be cross-compiled from darwin hosts. So we can only
enable audit support in pam when the buildPlatform is linux.
2022-02-16 17:22:16 -08:00
github-actions[bot]
189be4ddc1
Merge staging-next into staging
2022-01-29 00:02:04 +00:00
Vladimír Čunát
fd8f6de4b8
linux-pam: make it use SUID wrapped version of unix_ckpwd
2022-01-28 13:33:44 -08:00
R. RyanTM
27a9c1bae2
linux-pam: 1.5.1 -> 1.5.2
2022-01-28 20:19:41 +01:00
Winter
0715ef5968
linux-pam: don't create dangling symlink during build
2022-01-01 15:39:55 -05:00
Maciej Krüger
eeaf2004b0
pam: add audit dependency
...
This allows building the pam_tty_audit module, among others
2021-10-03 20:47:43 +02:00
Misha Gusarov
e3dd2def91
linux-pam: Optionally build with libxcrypt
...
This enables support for new password hashing functions in PAM.
A part of #112371 .
2021-02-28 16:48:56 +00:00
Niklas Hambüchen
da899edeec
pkgsStatic.linux-pam: Remove no longer necessary musl patches.
...
See https://github.com/NixOS/nixpkgs/pull/109906#issuecomment-775630916 .
These Alpine patches:
libpam-fix-build-with-eglibc-2.16.patch
fix-compat.patch
were removed in:
https://git.alpinelinux.org/aports/commit/main/linux-pam?id=9ba93cf3f515b4f0b9b3802b84d42c4e436afe8b
2021-02-10 23:06:15 +01:00
Jörg Thalheim
60d9784263
Merge pull request #109635 from mroi/patch-pam
...
linux-pam: fix cross compilation on Darwin
2021-02-03 05:42:45 +00:00
Peter Woodman
a51b7570d4
linux-pam: remove broken musl pam_exec patch
...
it looks like this build wasn't tested with musl-libc after upgrading to
1.5.1, and has been broken in this configuration since, as the removed
patch does not apply cleanly. the good news is it's been fixed upstream,
rendering it unnecessary.
2021-01-19 02:41:52 -05:00
Michael Roitzsch
fb876141d3
linux-pam: fix cross compilation on Darwin
...
A build-time tool is created, which requires libintl.h.
On Linux, libintl.h comes with glibc, but on Darwin, gettext is needed.
2021-01-17 15:35:34 +01:00
Ben Siraphob
16d91ee628
pkgs/os-specific: stdenv.lib -> lib
2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d
treewide: with stdenv.lib; in meta -> with lib;
...
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Frederik Rietdijk
a001d45ac2
pam.passthru.tests: add relevant nixos tests
2021-01-03 15:57:29 +01:00
Tim Steinbach
d703c1ef25
pam: 1.3.1 -> 1.5.1
2020-12-23 12:33:08 -05:00
Lila
7517299146
treewide: fix broken AlpineLinux repo links ( #87892 )
2020-05-15 16:58:27 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Matthew Bauer
f746d8eb6e
linux-pam: set sconfigdir to /etc for usage at runtime
...
So users don’t need to override the $out/etc/security files, we need
to manually set this to /etc. Override it in the install phase so that
we still get the example $out/etc/security files .
Fixes #76713
2019-12-30 16:25:16 -05:00
volth
46420bbaa3
treewide: name -> pname (easy cases) ( #66585 )
...
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
2019-08-15 13:41:18 +01:00
Will Dietz
c6c8fe5583
Merge pull request #59747 from dtzWill/fix/pam-1.3.1-musl
...
libpam: fix w/musl after update to 1.3.1
2019-04-18 11:43:32 -05:00
Will Dietz
c260a8d063
libpam: fix w/musl after update to 1.3.1
2019-04-18 11:42:15 -05:00
Matthias Beyer
99a2cefdde
pam: 1.3.0 -> 1.3.1
...
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-04-16 18:55:09 +02:00
John Ericson
0828e2d8c3
treewide: Remove usage of remaining redundant platform compatability stuff
...
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
John Ericson
f2017c40ae
Merge remote-tracking branch 'upstream/master' into staging
2018-05-14 22:53:10 -04:00
John Ericson
29b62e07d6
pam: Remove crossAttrs
...
It turns out none of this stuff is needed. The docs aren't evenly built
properly anyways so the build trivially succeeds either way, due to what
looks like upstream misunderstanding automake. If I try to build the
docs manually in a cross shell (before and after this change), there's a
make rule error such that some HTML files aren't even attempted to be
built and then a copy fails.
Even if this was all fixed, these been a good number of cross fixes
upstream getting them to use CC_FOR_BUILD and other good stuff, so I
doubt such hacks would be needed.
Progress towards #40531 and #33302 .
2018-05-14 22:28:37 -04:00
Nikolay Amiantov
8460769e88
pam: build with userdb support
2018-04-26 13:56:17 +03:00
Jan Malakhovski
7438083a4d
tree-wide: disable doCheck
and doInstallCheck
where it fails (the trivial part)
2018-04-25 04:18:46 +00:00
Will Dietz
22a5393041
pam: depsBuildBuild for buildPackages.stdenv.cc
2018-02-13 09:45:02 -06:00
Will Dietz
4aca016313
changes some targetPlatform to hostPlatform checks
2018-02-13 09:44:42 -06:00
Will Dietz
cb521f75a6
linux-pam: fix build w/musl
2018-02-13 09:44:36 -06:00
Ben Gamari
46c2e619e8
linux-pam: Add necessary build dependencies for cross-compilation
...
Ensure that we use the correct `ar` and add explicit dependency on the build CC.
(cherry picked from commit 5efb768011f6bce870f4ce814295a399d5a89c10)
2018-02-13 09:44:27 -06:00
Tuomas Tynkkynen
27a77af62f
pam: 1.2.1 -> 1.3.0
2017-12-03 01:50:42 +02:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead
2017-01-29 04:11:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback
2017-01-28 20:48:03 -08:00
Parnell Springmeyer
98c058a1ee
Adapting everything for the merged permissions wrappers work.
2016-09-01 19:21:06 -05:00
Vladimír Čunát
5227fb1dd5
Merge commit staging+systemd into closure-size
...
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
William A. Kennington III
70a1e7afd8
pam: 1.2.0 -> 1.2.1
...
Fixes CVE-2015-3238
2015-07-19 12:22:51 -07:00
William A. Kennington III
5a117814b8
pam: 1.1.8 -> 1.2.0
2015-05-10 22:39:31 -07:00
Vladimír Čunát
5d26d83df2
pam: don't split modules
...
libpam seems to need a reference to the modules anyway.
2015-05-05 11:52:08 +02:00
Vladimír Čunát
a70180ba73
mutiout: make it builtin
2014-08-30 08:27:43 +02:00
Vladimír Čunát
fb59f27a43
WIP: getting good
2014-08-27 01:14:09 +02:00
Vladimír Čunát
96cec2a7bd
Merge 'staging' into multiple-outputs
...
Conflicts:
pkgs/applications/audio/flac/default.nix
pkgs/build-support/gcc-wrapper/builder.sh
pkgs/development/libraries/apr-util/default.nix
pkgs/development/libraries/apr/default.nix
pkgs/development/libraries/atk/default.nix
pkgs/development/libraries/freetype/default.nix
pkgs/development/libraries/gdk-pixbuf/default.nix
pkgs/development/libraries/glib/default.nix
pkgs/development/libraries/glibc/2.17/builder.sh
pkgs/development/libraries/glibc/2.17/locales.nix
pkgs/development/libraries/libjpeg/default.nix
pkgs/development/libraries/libogg/default.nix
pkgs/development/libraries/libsamplerate/default.nix
pkgs/development/libraries/libtiff/default.nix
pkgs/development/libraries/libvorbis/default.nix
pkgs/development/libraries/mesa/default.nix
pkgs/development/libraries/pango/default.nix
pkgs/development/web/nodejs/default.nix
pkgs/os-specific/linux/pam/default.nix
pkgs/os-specific/linux/systemd/default.nix
pkgs/stdenv/generic/setup.sh
pkgs/stdenv/linux/default.nix
pkgs/top-level/all-packages.nix
pkgs/top-level/release-small.nix
2014-08-23 16:04:53 +02:00
Vladimír Čunát
07aaea85d4
pam: upstream patch to fix CVE-2014-2583
2014-05-03 21:30:48 +02:00
Eelco Dolstra
c21ef84810
linux-pam: Update to 1.1.8
2014-04-16 16:44:05 +02:00
Eelco Dolstra
1a0e87b19f
pam: Split off the PAM modules
...
Clients of PAM can find the modules via /etc/pam.d.
2013-06-11 13:26:46 +02:00