From eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 Mon Sep 17 00:00:00 2001 From: Dave Cobbley Date: Tue, 14 Aug 2018 10:05:37 -0700 Subject: [Subtree] Removing import-layers directory As part of the move to subtrees, need to bring all the import layers content to the top level. Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f Signed-off-by: Dave Cobbley Signed-off-by: Brad Bishop --- .../vlock/vlock-2.2.3/disable_vlockrc.patch | 47 ++++++++ .../vlock/vlock-2.2.3/vlock-no_tally.patch | 120 +++++++++++++++++++++ .../recipes-extended/vlock/vlock-2.2.3/vlock_pam | 3 + .../vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch | 28 +++++ .../meta-oe/recipes-extended/vlock/vlock_2.2.3.bb | 59 ++++++++++ 5 files changed, 257 insertions(+) create mode 100644 meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam create mode 100644 meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/vlock/vlock_2.2.3.bb (limited to 'meta-openembedded/meta-oe/recipes-extended/vlock') diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch new file mode 100644 index 0000000000..2412bb8deb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/disable_vlockrc.patch @@ -0,0 +1,47 @@ +From f71cc920528c3496b0118964ebbcf5440cda4ed1 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Inappropriate [configuration] + +written by: Jeff Polk +Signed-off-by: Jackie Huang + +--- + man/vlock.1 | 5 ----- + src/vlock.sh | 5 ----- + 2 files changed, 10 deletions(-) + +diff --git a/man/vlock.1 b/man/vlock.1 +index 0d29b49..01cb944 100644 +--- a/man/vlock.1 ++++ b/man/vlock.1 +@@ -111,11 +111,6 @@ enter your password at the password prompt. If this variable is unset or set + to an invalid value or 0 no timeout is used. \fBWarning\fR: If this value is + too low, you may not be able to unlock your session. + .PP +-.SH FILES +-.B ~/.vlockrc +-.IP +-This file is read by \fBvlock\fR on startup if it exists. All the variables +-mentioned above can be set here. + .SH SECURITY + See the SECURITY file in the \fBvlock\fR distribution for more information. + .PP +diff --git a/src/vlock.sh b/src/vlock.sh +index 75f1369..f572776 100644 +--- a/src/vlock.sh ++++ b/src/vlock.sh +@@ -35,11 +35,6 @@ This TTY is now locked. + + ${VLOCK_ENTER_PROMPT}" + +-# Read user settings. +-if [ -r "${HOME}/.vlockrc" ] ; then +- . "${HOME}/.vlockrc" +-fi +- + # "Compile" time variables. + VLOCK_MAIN="%PREFIX%/sbin/vlock-main" + VLOCK_VERSION="%VLOCK_VERSION%" diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch new file mode 100644 index 0000000000..3a344b2362 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock-no_tally.patch @@ -0,0 +1,120 @@ +From 17e5c8d32abc214aea408f0837be41e88bce7eb2 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Pending + +written by: Jeff Polk +Signed-off-by: Jackie Huang + +--- + Makefile | 4 ++++ + configure | 9 +++++++++ + src/vlock-main.c | 8 ++++++++ + 3 files changed, 21 insertions(+) + +diff --git a/Makefile b/Makefile +index 4eeb42a..834cd2c 100644 +--- a/Makefile ++++ b/Makefile +@@ -126,6 +126,10 @@ ifeq ($(AUTH_METHOD),shadow) + vlock-main : override LDLIBS += $(CRYPT_LIB) + endif + ++ifneq ($(ENABLE_FAIL_COUNT),yes) ++vlock-main.o : override CFLAGS += -DNO_FAIL_COUNT ++endif ++ + ifeq ($(ENABLE_PLUGINS),yes) + vlock-main: plugins.o plugin.o module.o process.o script.o tsort.o list.o + # -rdynamic is needed so that the all plugin can access the symbols from console_switch.o +diff --git a/configure b/configure +index d5d84d6..1303598 100755 +--- a/configure ++++ b/configure +@@ -44,6 +44,7 @@ Optional Features: + --enable-shadow enable shadow authentication [disabled] + --enable-root-password enable unlogging with root password [enabled] + --enable-debug enable debugging ++ --enable-fail-count enable failed login attempt summary [enabled] + + Additional configuration: + --with-scripts=SCRIPTS enable the named scripts [] +@@ -78,6 +79,9 @@ enable_feature() { + root-password) + ENABLE_ROOT_PASSWORD="$2" + ;; ++ fail-count) ++ ENABLE_FAIL_COUNT="$2" ++ ;; + pam|shadow) + if [ "$2" = "yes" ] ; then + if [ -n "$auth_method" ] && [ "$auth_method" != "$1" ] ; then +@@ -228,6 +232,7 @@ set_defaults() { + AUTH_METHOD="pam" + ENABLE_ROOT_PASSWORD="yes" + ENABLE_PLUGINS="yes" ++ ENABLE_FAIL_COUNT="yes" + SCRIPTS="" + + VLOCK_GROUP="vlock" +@@ -353,6 +358,10 @@ MODULES = ${MODULES} + # which scripts should be installed + SCRIPTS = ${SCRIPTS} + ++# display a summary of failed authentication attempts after successfully ++# unlocking? ++ENABLE_FAIL_COUNT = ${ENABLE_FAIL_COUNT} ++ + # root's group + ROOT_GROUP = ${ROOT_GROUP} + +diff --git a/src/vlock-main.c b/src/vlock-main.c +index 008f6f0..108ce8b 100644 +--- a/src/vlock-main.c ++++ b/src/vlock-main.c +@@ -112,7 +112,9 @@ static void restore_terminal(void) + (void) tcsetattr(STDIN_FILENO, TCSANOW, &old_term); + } + ++#ifdef ENABLE_FAIL_COUNT + static int auth_tries; ++#endif /* ENABLE_FAIL_COUNT */ + + static void auth_loop(const char *username) + { +@@ -182,7 +184,9 @@ static void auth_loop(const char *username) + } + #endif + ++#ifdef ENABLE_FAIL_COUNT + auth_tries++; ++#endif /* ENABLE_FAIL_COUNT */ + } + + /* Free timeouts memory. */ +@@ -190,11 +194,13 @@ static void auth_loop(const char *username) + free(prompt_timeout); + } + ++#ifdef ENABLE_FAIL_COUNT + void display_auth_tries(void) + { + if (auth_tries > 0) + fprintf(stderr, "%d failed authentication %s.\n", auth_tries, auth_tries > 1 ? "tries" : "try"); + } ++#endif /* ENABLE_FAIL_COUNT */ + + #ifdef USE_PLUGINS + static void call_end_hook(void) +@@ -217,7 +223,9 @@ int main(int argc, char *const argv[]) + if (username == NULL) + fatal_perror("vlock: could not get username"); + ++#ifdef ENABLE_FAIL_COUNT + ensure_atexit(display_auth_tries); ++#endif /* ENABLE_FAIL_COUNT */ + + #ifdef USE_PLUGINS + for (int i = 1; i < argc; i++) diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam new file mode 100644 index 0000000000..a919682b0b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam @@ -0,0 +1,3 @@ +# Use the default auth and account policies for vlock +auth include common-auth +account include common-account diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch new file mode 100644 index 0000000000..460b292498 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock-2.2.3/vlock_pam_tally2_reset.patch @@ -0,0 +1,28 @@ +From fcec4e7fe899f8c0077b3004eeccb7292a945a67 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Wed, 16 Aug 2017 13:37:40 +0800 +Subject: [PATCH] vlock: add new recipe + +Upstream-Status: Pending + +written by: Jeff Polk +Signed-off-by: Jackie Huang + +--- + src/auth-pam.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/auth-pam.c b/src/auth-pam.c +index 5cf93f6..c5cc67a 100644 +--- a/src/auth-pam.c ++++ b/src/auth-pam.c +@@ -148,6 +148,9 @@ bool auth(const char *user, struct timespec *timeout) + + if (pam_status != PAM_SUCCESS) { + fprintf(stderr, "vlock: %s\n", pam_strerror(pamh, pam_status)); ++ } else { ++ pam_status = pam_acct_mgmt(pamh, 0); ++ if (pam_status == PAM_SUCCESS) pam_setcred(pamh, PAM_REINITIALIZE_CRED); + } + + end: diff --git a/meta-openembedded/meta-oe/recipes-extended/vlock/vlock_2.2.3.bb b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock_2.2.3.bb new file mode 100644 index 0000000000..259d3a5e16 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/vlock/vlock_2.2.3.bb @@ -0,0 +1,59 @@ +SUMMARY = "Virtual Console lock program" +DESCRIPTION = "Sometimes a malicious local user could cause more problems \ + than a sophisticated remote one. vlock is a program that locks one or more \ + sessions on the Linux console to prevent attackers from gaining physical \ + access to the machine. \ + " +SECTION = "utils" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=a17cb0a873d252440acfdf9b3d0e7fbf" + +SRC_URI = "${GENTOO_MIRROR}/${BP}.tar.gz \ + file://disable_vlockrc.patch \ + file://vlock_pam_tally2_reset.patch \ + file://vlock-no_tally.patch \ + file://vlock_pam \ + " + +SRC_URI[md5sum] = "378175c7692a8f288e65fd4dbf8a38eb" +SRC_URI[sha256sum] = "85aa5aed1ae49351378a0bd527a013078f0f969372a63164b1944174ae1a5e39" + +inherit autotools-brokensep update-alternatives + +# authentification method: either pam or shadow +PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', 'shadow', d)}" +PACKAGECONFIG[pam] = "--enable-pam,,libpam," +PACKAGECONFIG[shadow] = "--enable-shadow,,shadow," + +CFLAGS += "-Wall -W -pedantic -std=gnu99" + +do_configure () { + # The configure tries to use 'getent' to get the group + # info from the host, which should be avoided. + sed -i 's/\(ROOT_GROUP=\).*/\1"root"/' ${CONFIGURE_SCRIPT} + + ${CONFIGURE_SCRIPT} \ + VLOCK_GROUP=root \ + ROOT_GROUP=root \ + CC="${CC}" \ + CFLAGS="${CFLAGS}" \ + LDFLAGS="${LDFLAGS}" \ + --prefix=${prefix} \ + --libdir=${libdir} \ + --mandir=${mandir} \ + --with-modules="all.so new.so nosysrq.so ttyblank.so vesablank.so" \ + --disable-root-password --enable-debug --disable-fail-count \ + ${PACKAGECONFIG_CONFARGS} +} + +do_install_append () { + if [ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'yes', '', d)} = yes ]; then + install -d -m 0755 ${D}/${sysconfdir}/pam.d + install -m 0644 ${WORKDIR}/vlock_pam ${D}${sysconfdir}/pam.d/vlock + fi +} + +ALTERNATIVE_${PN} = "vlock" +ALTERNATIVE_PRIORITY = "60" +ALTERNATIVE_LINK_NAME[vlock] = "${bindir}/vlock" -- cgit v1.2.3