Commit Graph

77 Commits

Author SHA1 Message Date
Sergei Trofimovich
60e0187471 pam: fix pam_unix autohentication failures when ran as user
Commit d0c42dfa "pam: bind Linux-PAM locales from pam-specific folder
(upstream patch)" added autoreconfHook269 into one of the postPatch
phases.

This clobbered the change applied by `suid-wrapper-path.patch` as it was
patching Makefile.in.

As a result `nixosTests.sway` test started failing as:

    check pass; user unknown

Running `swaylock` on real system exhibited the same result.

As `suid-wrapper-path.patch` is clobbered we were running non-suid
version of `unix_chkpwd`:

    /nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd

instead of SUID-wrapped

    /run/wrappers/bin/unix_chkpw

The fix is trivial: move the patch from auto-generated file to
`Makefile.am`.

Discovered-by: Yureka
2023-11-11 09:54:04 +00:00
Sergei Trofimovich
d0c42dfaa7 pam: bind Linux-PAM locales from pam-specific folder (upstream patch)
Without the change `pam` packa looks up locales already registered via
`bindtextdomain()`:

- shadow: /nix/store/ymcln55n92xm25sk2pipqbcp5xghwc3j-shadow-4.13/share/locale/
- glibc: /nix/store/ibp4camsx1mlllwzh32yyqcq2r2xsy1a-glibc-2.37-8/share/locale

Note that there is no `pam` pne in the list.

The change adds extra lookup location:

- linux-pam: /nix/store/k1lvsb3vyw2ijk9naamnay5nwc4mibda-linux-pam-1.5.2/share/locale

Before the change:

    $ LANGUAGE=fi su
    Password:
    su: Authentication failure

After the change:

    $ LANGUAGE=fi ./result-su/bin/su
    Salasana:
    su: Tunnistautumisvirhe
2023-09-01 14:10:05 +01:00
s1341
f15f947cf5 pam: add sssd-ldap as a pam test 2023-05-09 18:13:45 +03:00
Martin Weinelt
909f394f28
pam: Make libxcrypt a non-optional dependency
Our PAM configuration now defaults to yescrypt, which requires
libxcrypt.
2023-03-13 07:54:27 +01:00
Franz Pletz
5df544acc2
pam: enable libxcrypt by default 2022-10-09 18:09:40 +02:00
Ryan Burns
eeae457c3b pam: fix cross-compilation from darwin
audit requires running linux-specific code during the build,
so it cannot be cross-compiled from darwin hosts. So we can only
enable audit support in pam when the buildPlatform is linux.
2022-02-16 17:22:16 -08:00
github-actions[bot]
189be4ddc1
Merge staging-next into staging 2022-01-29 00:02:04 +00:00
Vladimír Čunát
fd8f6de4b8 linux-pam: make it use SUID wrapped version of unix_ckpwd 2022-01-28 13:33:44 -08:00
R. RyanTM
27a9c1bae2 linux-pam: 1.5.1 -> 1.5.2 2022-01-28 20:19:41 +01:00
Winter
0715ef5968 linux-pam: don't create dangling symlink during build 2022-01-01 15:39:55 -05:00
Maciej Krüger
eeaf2004b0
pam: add audit dependency
This allows building the pam_tty_audit module, among others
2021-10-03 20:47:43 +02:00
Misha Gusarov
e3dd2def91 linux-pam: Optionally build with libxcrypt
This enables support for new password hashing functions in PAM.

A part of #112371.
2021-02-28 16:48:56 +00:00
Niklas Hambüchen
da899edeec pkgsStatic.linux-pam: Remove no longer necessary musl patches.
See https://github.com/NixOS/nixpkgs/pull/109906#issuecomment-775630916.

These Alpine patches:

    libpam-fix-build-with-eglibc-2.16.patch
    fix-compat.patch

were removed in:

    https://git.alpinelinux.org/aports/commit/main/linux-pam?id=9ba93cf3f515b4f0b9b3802b84d42c4e436afe8b
2021-02-10 23:06:15 +01:00
Jörg Thalheim
60d9784263
Merge pull request #109635 from mroi/patch-pam
linux-pam: fix cross compilation on Darwin
2021-02-03 05:42:45 +00:00
Peter Woodman
a51b7570d4
linux-pam: remove broken musl pam_exec patch
it looks like this build wasn't tested with musl-libc after upgrading to
1.5.1, and has been broken in this configuration since, as the removed
patch does not apply cleanly. the good news is it's been fixed upstream,
rendering it unnecessary.
2021-01-19 02:41:52 -05:00
Michael Roitzsch
fb876141d3 linux-pam: fix cross compilation on Darwin
A build-time tool is created, which requires libintl.h.
On Linux, libintl.h comes with glibc, but on Darwin, gettext is needed.
2021-01-17 15:35:34 +01:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Frederik Rietdijk
a001d45ac2 pam.passthru.tests: add relevant nixos tests 2021-01-03 15:57:29 +01:00
Tim Steinbach
d703c1ef25 pam: 1.3.1 -> 1.5.1 2020-12-23 12:33:08 -05:00
Lila
7517299146
treewide: fix broken AlpineLinux repo links (#87892) 2020-05-15 16:58:27 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Matthew Bauer
f746d8eb6e linux-pam: set sconfigdir to /etc for usage at runtime
So users don’t need to override the $out/etc/security files, we need
to manually set this to /etc. Override it in the install phase so that
we still get the example $out/etc/security files .

Fixes #76713
2019-12-30 16:25:16 -05:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Will Dietz
c6c8fe5583
Merge pull request #59747 from dtzWill/fix/pam-1.3.1-musl
libpam: fix w/musl after update to 1.3.1
2019-04-18 11:43:32 -05:00
Will Dietz
c260a8d063 libpam: fix w/musl after update to 1.3.1 2019-04-18 11:42:15 -05:00
Matthias Beyer
99a2cefdde pam: 1.3.0 -> 1.3.1
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-04-16 18:55:09 +02:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
John Ericson
f2017c40ae Merge remote-tracking branch 'upstream/master' into staging 2018-05-14 22:53:10 -04:00
John Ericson
29b62e07d6 pam: Remove crossAttrs
It turns out none of this stuff is needed. The docs aren't evenly built
properly anyways so the build trivially succeeds either way, due to what
looks like upstream misunderstanding automake. If I try to build the
docs manually in a cross shell (before and after this change), there's a
make rule error such that some HTML files aren't even attempted to be
built and then a copy fails.

Even if this was all fixed, these been a good number of cross fixes
upstream getting them to use CC_FOR_BUILD and other good stuff, so I
doubt such hacks would be needed.

Progress towards #40531 and #33302.
2018-05-14 22:28:37 -04:00
Nikolay Amiantov
8460769e88 pam: build with userdb support 2018-04-26 13:56:17 +03:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Will Dietz
22a5393041 pam: depsBuildBuild for buildPackages.stdenv.cc 2018-02-13 09:45:02 -06:00
Will Dietz
4aca016313 changes some targetPlatform to hostPlatform checks 2018-02-13 09:44:42 -06:00
Will Dietz
cb521f75a6 linux-pam: fix build w/musl 2018-02-13 09:44:36 -06:00
Ben Gamari
46c2e619e8 linux-pam: Add necessary build dependencies for cross-compilation
Ensure that we use the correct `ar` and add explicit dependency on the build CC.

(cherry picked from commit 5efb768011f6bce870f4ce814295a399d5a89c10)
2018-02-13 09:44:27 -06:00
Tuomas Tynkkynen
27a77af62f pam: 1.2.1 -> 1.3.0 2017-12-03 01:50:42 +02:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
William A. Kennington III
70a1e7afd8 pam: 1.2.0 -> 1.2.1
Fixes CVE-2015-3238
2015-07-19 12:22:51 -07:00
William A. Kennington III
5a117814b8 pam: 1.1.8 -> 1.2.0 2015-05-10 22:39:31 -07:00
Vladimír Čunát
5d26d83df2 pam: don't split modules
libpam seems to need a reference to the modules anyway.
2015-05-05 11:52:08 +02:00
Vladimír Čunát
a70180ba73 mutiout: make it builtin 2014-08-30 08:27:43 +02:00
Vladimír Čunát
fb59f27a43 WIP: getting good 2014-08-27 01:14:09 +02:00
Vladimír Čunát
96cec2a7bd Merge 'staging' into multiple-outputs
Conflicts:
	pkgs/applications/audio/flac/default.nix
	pkgs/build-support/gcc-wrapper/builder.sh
	pkgs/development/libraries/apr-util/default.nix
	pkgs/development/libraries/apr/default.nix
	pkgs/development/libraries/atk/default.nix
	pkgs/development/libraries/freetype/default.nix
	pkgs/development/libraries/gdk-pixbuf/default.nix
	pkgs/development/libraries/glib/default.nix
	pkgs/development/libraries/glibc/2.17/builder.sh
	pkgs/development/libraries/glibc/2.17/locales.nix
	pkgs/development/libraries/libjpeg/default.nix
	pkgs/development/libraries/libogg/default.nix
	pkgs/development/libraries/libsamplerate/default.nix
	pkgs/development/libraries/libtiff/default.nix
	pkgs/development/libraries/libvorbis/default.nix
	pkgs/development/libraries/mesa/default.nix
	pkgs/development/libraries/pango/default.nix
	pkgs/development/web/nodejs/default.nix
	pkgs/os-specific/linux/pam/default.nix
	pkgs/os-specific/linux/systemd/default.nix
	pkgs/stdenv/generic/setup.sh
	pkgs/stdenv/linux/default.nix
	pkgs/top-level/all-packages.nix
	pkgs/top-level/release-small.nix
2014-08-23 16:04:53 +02:00
Vladimír Čunát
07aaea85d4 pam: upstream patch to fix CVE-2014-2583 2014-05-03 21:30:48 +02:00
Eelco Dolstra
c21ef84810 linux-pam: Update to 1.1.8 2014-04-16 16:44:05 +02:00
Eelco Dolstra
1a0e87b19f pam: Split off the PAM modules
Clients of PAM can find the modules via /etc/pam.d.
2013-06-11 13:26:46 +02:00