added my Recipes
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
From f71cc920528c3496b0118964ebbcf5440cda4ed1 Mon Sep 17 00:00:00 2001
|
||||
From: Jackie Huang <jackie.huang@windriver.com>
|
||||
Date: Wed, 16 Aug 2017 13:37:40 +0800
|
||||
Subject: [PATCH] vlock: add new recipe
|
||||
|
||||
Upstream-Status: Inappropriate [configuration]
|
||||
|
||||
written by: Jeff Polk <jeff.polk@windriver.com>
|
||||
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
||||
|
||||
---
|
||||
man/vlock.1 | 5 -----
|
||||
src/vlock.sh | 5 -----
|
||||
2 files changed, 10 deletions(-)
|
||||
|
||||
diff --git a/man/vlock.1 b/man/vlock.1
|
||||
index 0d29b49..01cb944 100644
|
||||
--- a/man/vlock.1
|
||||
+++ b/man/vlock.1
|
||||
@@ -111,11 +111,6 @@ enter your password at the password prompt. If this variable is unset or set
|
||||
to an invalid value or 0 no timeout is used. \fBWarning\fR: If this value is
|
||||
too low, you may not be able to unlock your session.
|
||||
.PP
|
||||
-.SH FILES
|
||||
-.B ~/.vlockrc
|
||||
-.IP
|
||||
-This file is read by \fBvlock\fR on startup if it exists. All the variables
|
||||
-mentioned above can be set here.
|
||||
.SH SECURITY
|
||||
See the SECURITY file in the \fBvlock\fR distribution for more information.
|
||||
.PP
|
||||
diff --git a/src/vlock.sh b/src/vlock.sh
|
||||
index 75f1369..f572776 100644
|
||||
--- a/src/vlock.sh
|
||||
+++ b/src/vlock.sh
|
||||
@@ -35,11 +35,6 @@ This TTY is now locked.
|
||||
|
||||
${VLOCK_ENTER_PROMPT}"
|
||||
|
||||
-# Read user settings.
|
||||
-if [ -r "${HOME}/.vlockrc" ] ; then
|
||||
- . "${HOME}/.vlockrc"
|
||||
-fi
|
||||
-
|
||||
# "Compile" time variables.
|
||||
VLOCK_MAIN="%PREFIX%/sbin/vlock-main"
|
||||
VLOCK_VERSION="%VLOCK_VERSION%"
|
||||
@@ -0,0 +1,120 @@
|
||||
From 17e5c8d32abc214aea408f0837be41e88bce7eb2 Mon Sep 17 00:00:00 2001
|
||||
From: Jackie Huang <jackie.huang@windriver.com>
|
||||
Date: Wed, 16 Aug 2017 13:37:40 +0800
|
||||
Subject: [PATCH] vlock: add new recipe
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
written by: Jeff Polk <jeff.polk@windriver.com>
|
||||
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
||||
|
||||
---
|
||||
Makefile | 4 ++++
|
||||
configure | 9 +++++++++
|
||||
src/vlock-main.c | 8 ++++++++
|
||||
3 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 4eeb42a..834cd2c 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -126,6 +126,10 @@ ifeq ($(AUTH_METHOD),shadow)
|
||||
vlock-main : override LDLIBS += $(CRYPT_LIB)
|
||||
endif
|
||||
|
||||
+ifneq ($(ENABLE_FAIL_COUNT),yes)
|
||||
+vlock-main.o : override CFLAGS += -DNO_FAIL_COUNT
|
||||
+endif
|
||||
+
|
||||
ifeq ($(ENABLE_PLUGINS),yes)
|
||||
vlock-main: plugins.o plugin.o module.o process.o script.o tsort.o list.o
|
||||
# -rdynamic is needed so that the all plugin can access the symbols from console_switch.o
|
||||
diff --git a/configure b/configure
|
||||
index d5d84d6..1303598 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -44,6 +44,7 @@ Optional Features:
|
||||
--enable-shadow enable shadow authentication [disabled]
|
||||
--enable-root-password enable unlogging with root password [enabled]
|
||||
--enable-debug enable debugging
|
||||
+ --enable-fail-count enable failed login attempt summary [enabled]
|
||||
|
||||
Additional configuration:
|
||||
--with-scripts=SCRIPTS enable the named scripts []
|
||||
@@ -78,6 +79,9 @@ enable_feature() {
|
||||
root-password)
|
||||
ENABLE_ROOT_PASSWORD="$2"
|
||||
;;
|
||||
+ fail-count)
|
||||
+ ENABLE_FAIL_COUNT="$2"
|
||||
+ ;;
|
||||
pam|shadow)
|
||||
if [ "$2" = "yes" ] ; then
|
||||
if [ -n "$auth_method" ] && [ "$auth_method" != "$1" ] ; then
|
||||
@@ -228,6 +232,7 @@ set_defaults() {
|
||||
AUTH_METHOD="pam"
|
||||
ENABLE_ROOT_PASSWORD="yes"
|
||||
ENABLE_PLUGINS="yes"
|
||||
+ ENABLE_FAIL_COUNT="yes"
|
||||
SCRIPTS=""
|
||||
|
||||
VLOCK_GROUP="vlock"
|
||||
@@ -353,6 +358,10 @@ MODULES = ${MODULES}
|
||||
# which scripts should be installed
|
||||
SCRIPTS = ${SCRIPTS}
|
||||
|
||||
+# display a summary of failed authentication attempts after successfully
|
||||
+# unlocking?
|
||||
+ENABLE_FAIL_COUNT = ${ENABLE_FAIL_COUNT}
|
||||
+
|
||||
# root's group
|
||||
ROOT_GROUP = ${ROOT_GROUP}
|
||||
|
||||
diff --git a/src/vlock-main.c b/src/vlock-main.c
|
||||
index 008f6f0..108ce8b 100644
|
||||
--- a/src/vlock-main.c
|
||||
+++ b/src/vlock-main.c
|
||||
@@ -112,7 +112,9 @@ static void restore_terminal(void)
|
||||
(void) tcsetattr(STDIN_FILENO, TCSANOW, &old_term);
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_FAIL_COUNT
|
||||
static int auth_tries;
|
||||
+#endif /* ENABLE_FAIL_COUNT */
|
||||
|
||||
static void auth_loop(const char *username)
|
||||
{
|
||||
@@ -182,7 +184,9 @@ static void auth_loop(const char *username)
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef ENABLE_FAIL_COUNT
|
||||
auth_tries++;
|
||||
+#endif /* ENABLE_FAIL_COUNT */
|
||||
}
|
||||
|
||||
/* Free timeouts memory. */
|
||||
@@ -190,11 +194,13 @@ static void auth_loop(const char *username)
|
||||
free(prompt_timeout);
|
||||
}
|
||||
|
||||
+#ifdef ENABLE_FAIL_COUNT
|
||||
void display_auth_tries(void)
|
||||
{
|
||||
if (auth_tries > 0)
|
||||
fprintf(stderr, "%d failed authentication %s.\n", auth_tries, auth_tries > 1 ? "tries" : "try");
|
||||
}
|
||||
+#endif /* ENABLE_FAIL_COUNT */
|
||||
|
||||
#ifdef USE_PLUGINS
|
||||
static void call_end_hook(void)
|
||||
@@ -217,7 +223,9 @@ int main(int argc, char *const argv[])
|
||||
if (username == NULL)
|
||||
fatal_perror("vlock: could not get username");
|
||||
|
||||
+#ifdef ENABLE_FAIL_COUNT
|
||||
ensure_atexit(display_auth_tries);
|
||||
+#endif /* ENABLE_FAIL_COUNT */
|
||||
|
||||
#ifdef USE_PLUGINS
|
||||
for (int i = 1; i < argc; i++)
|
||||
@@ -0,0 +1,3 @@
|
||||
# Use the default auth and account policies for vlock
|
||||
auth include common-auth
|
||||
account include common-account
|
||||
@@ -0,0 +1,28 @@
|
||||
From fcec4e7fe899f8c0077b3004eeccb7292a945a67 Mon Sep 17 00:00:00 2001
|
||||
From: Jackie Huang <jackie.huang@windriver.com>
|
||||
Date: Wed, 16 Aug 2017 13:37:40 +0800
|
||||
Subject: [PATCH] vlock: add new recipe
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
written by: Jeff Polk <jeff.polk@windriver.com>
|
||||
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
||||
|
||||
---
|
||||
src/auth-pam.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/auth-pam.c b/src/auth-pam.c
|
||||
index 5cf93f6..c5cc67a 100644
|
||||
--- a/src/auth-pam.c
|
||||
+++ b/src/auth-pam.c
|
||||
@@ -148,6 +148,9 @@ bool auth(const char *user, struct timespec *timeout)
|
||||
|
||||
if (pam_status != PAM_SUCCESS) {
|
||||
fprintf(stderr, "vlock: %s\n", pam_strerror(pamh, pam_status));
|
||||
+ } else {
|
||||
+ pam_status = pam_acct_mgmt(pamh, 0);
|
||||
+ if (pam_status == PAM_SUCCESS) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
|
||||
}
|
||||
|
||||
end:
|
||||
@@ -0,0 +1,59 @@
|
||||
SUMMARY = "Virtual Console lock program"
|
||||
DESCRIPTION = "Sometimes a malicious local user could cause more problems \
|
||||
than a sophisticated remote one. vlock is a program that locks one or more \
|
||||
sessions on the Linux console to prevent attackers from gaining physical \
|
||||
access to the machine. \
|
||||
"
|
||||
SECTION = "utils"
|
||||
|
||||
LICENSE = "GPL-2.0-only"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=a17cb0a873d252440acfdf9b3d0e7fbf"
|
||||
|
||||
SRC_URI = "${GENTOO_MIRROR}/${BP}.tar.gz \
|
||||
file://disable_vlockrc.patch \
|
||||
file://vlock_pam_tally2_reset.patch \
|
||||
file://vlock-no_tally.patch \
|
||||
file://vlock_pam \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "378175c7692a8f288e65fd4dbf8a38eb"
|
||||
SRC_URI[sha256sum] = "85aa5aed1ae49351378a0bd527a013078f0f969372a63164b1944174ae1a5e39"
|
||||
|
||||
inherit autotools-brokensep update-alternatives
|
||||
|
||||
# authentification method: either pam or shadow
|
||||
PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', 'shadow', d)}"
|
||||
PACKAGECONFIG[pam] = "--enable-pam,,libpam,"
|
||||
PACKAGECONFIG[shadow] = "--enable-shadow,,shadow,"
|
||||
|
||||
CFLAGS += "-Wall -W -pedantic -std=gnu99"
|
||||
|
||||
do_configure () {
|
||||
# The configure tries to use 'getent' to get the group
|
||||
# info from the host, which should be avoided.
|
||||
sed -i 's/\(ROOT_GROUP=\).*/\1"root"/' ${CONFIGURE_SCRIPT}
|
||||
|
||||
${CONFIGURE_SCRIPT} \
|
||||
VLOCK_GROUP=root \
|
||||
ROOT_GROUP=root \
|
||||
CC="${CC}" \
|
||||
CFLAGS="${CFLAGS}" \
|
||||
LDFLAGS="${LDFLAGS}" \
|
||||
--prefix=${prefix} \
|
||||
--libdir=${libdir} \
|
||||
--mandir=${mandir} \
|
||||
--with-modules="all.so new.so nosysrq.so ttyblank.so vesablank.so" \
|
||||
--disable-root-password --enable-debug --disable-fail-count \
|
||||
${PACKAGECONFIG_CONFARGS}
|
||||
}
|
||||
|
||||
do_install:append () {
|
||||
if [ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'yes', '', d)} = yes ]; then
|
||||
install -d -m 0755 ${D}/${sysconfdir}/pam.d
|
||||
install -m 0644 ${WORKDIR}/vlock_pam ${D}${sysconfdir}/pam.d/vlock
|
||||
fi
|
||||
}
|
||||
|
||||
ALTERNATIVE:${PN} = "vlock"
|
||||
ALTERNATIVE_PRIORITY = "60"
|
||||
ALTERNATIVE_LINK_NAME[vlock] = "${bindir}/vlock"
|
||||
Reference in New Issue
Block a user