summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmish2018-10-12 17:57:26 +0530
committerAmish2018-10-12 18:08:07 +0530
commitb8413316f8e5b434044160d01c4f15c9dcc408f3 (patch)
treedbb79e6bc7e96ee5341f8905f7b60655e457e6de
parent6dd93d2e8eee616d6e299d96c27cac4ff350abcb (diff)
downloadaur-b8413316f8e5b434044160d01c4f15c9dcc408f3.tar.gz
Improve PAM service file to use Arch Linux system-remote-login
-rw-r--r--.SRCINFO5
-rw-r--r--PKGBUILD26
-rw-r--r--php17
3 files changed, 21 insertions, 27 deletions
diff --git a/.SRCINFO b/.SRCINFO
index bf27e960a92..8f11038f73a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = php-pam
pkgdesc = This extension provides PAM (Pluggable Authentication Modules) integration in PHP.
pkgver = 2.1.0
- pkgrel = 1
+ pkgrel = 2
url = https://github.com/amishmm/php-pam
arch = i686
arch = x86_64
@@ -10,10 +10,9 @@ pkgbase = php-pam
depends = php>=7.2.0
depends = pam
depends = php-pear
+ backup = etc/pam.d/php
source = php-pam-2.1.0.tar.gz::https://github.com/amishmm/php-pam/archive/v2.1.0.tar.gz
- source = php
md5sums = 0182234a17611e79f537c0b16927fe8e
- md5sums = 5fb207f61ff94b0cc7a2dcc1e3c1c388
pkgname = php-pam
diff --git a/PKGBUILD b/PKGBUILD
index a316c068276..a59c777b626 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,17 +3,16 @@
pkgname=php-pam
pkgver=2.1.0
-pkgrel=1
+pkgrel=2
pkgdesc="This extension provides PAM (Pluggable Authentication Modules) integration in PHP."
arch=('i686' 'x86_64')
url="https://github.com/amishmm/php-pam"
license=('PHP')
depends=('php>=7.2.0' 'pam' 'php-pear')
makedepends=('autoconf')
-#install=php-pam.install
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz" php)
-md5sums=('0182234a17611e79f537c0b16927fe8e'
- '5fb207f61ff94b0cc7a2dcc1e3c1c388')
+source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz")
+md5sums=('0182234a17611e79f537c0b16927fe8e')
+backup=('etc/pam.d/php')
build() {
cd "${pkgname}-${pkgver}"
@@ -25,7 +24,20 @@ build() {
package() {
cd "${pkgname}-${pkgver}"
make INSTALL_ROOT="${pkgdir}" install
- echo -e "extension=pam.so;\npam.servicename=\"php\";" | \
+
+ echo -e "extension=pam.so;\npam.servicename=\"php\";\npam.force_servicename=0;" | \
install -Dm644 /dev/stdin "${pkgdir}/etc/php/conf.d/pam.ini"
- install -Dm644 "${srcdir}/php" ${pkgdir}/etc/pam.d/php
+
+ # use archlinux's own system-remote-login as PAM service
+ # because that is expected to be well tested for security
+ # and all future modifications will also automatically apply
+ # NOTE: content copied from /etc/pam.d/sshd
+ install -Dm644 /dev/stdin "${pkgdir}/etc/pam.d/php" << 'EOF'
+#%PAM-1.0
+#auth required pam_securetty.so #disable remote root
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
+EOF
}
diff --git a/php b/php
deleted file mode 100644
index f1feae4d01f..00000000000
--- a/php
+++ /dev/null
@@ -1,17 +0,0 @@
-#%PAM-1.0
-auth required pam_securetty.so
-auth requisite pam_nologin.so
-auth required pam_unix.so nullok
-auth required pam_tally.so onerr=succeed file=/var/log/faillog
-# use this to lockout accounts for 10 minutes after 3 failed attempts
-#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
-account required pam_access.so
-account required pam_time.so
-account required pam_unix.so
-session required pam_unix.so
-session required pam_env.so
-session required pam_motd.so
-session required pam_limits.so
-session optional pam_lastlog.so
-session optional pam_loginuid.so
-