Patchwork openssh: enable PAM at runtime based on DISTRO_FEATURES

login
register
mail settings
Submitter Koen Kooi
Date Feb. 19, 2014, 8:45 a.m.
Message ID <1392799558-31118-1-git-send-email-koen.kooi@linaro.org>
Download mbox | patch
Permalink /patch/66959/
State New
Headers show

Comments

Koen Kooi - Feb. 19, 2014, 8:45 a.m.
Everything is setup to use PAM except for the server config. If 'pam' is
in DISTRO_FEATURES the configs will be changed to enable it.

Syslog will now show:

	Feb 19 09:28:36 beast sshd[2980]: pam_unix(sshd:session): session opened for user koen by (uid=0)

And more importantly:

	koen@beast:~$ loginctl
	   SESSION        UID USER             SEAT
	        c1       1000 koen             seat0
	        c3       1000 koen             seat0
	       c13       1000 koen

	3 sessions listed.

Systemd now registers the session properly so it won't kill things like 'screen'
and 'tmux' when disconnecting the ssh session.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
---
 meta/recipes-connectivity/openssh/openssh_6.4p1.bb | 2 ++
 1 file changed, 2 insertions(+)
Bernhard Reutner-Fischer - Feb. 19, 2014, 8:20 p.m.
On 19 February 2014 09:46:12 Koen Kooi <koen.kooi@linaro.org> wrote:


> +++ b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
> @@ -82,6 +82,8 @@ do_install_append () {
>  	if [ "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" 
>  ]; then
>  		install -d ${D}${sysconfdir}/pam.d
>  		install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd

I'd rephrase the above to use one install -D and pass both files below to 
just one sed.

thanks,

> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config
> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
>  	fi
>
>  	install -d ${D}${sysconfdir}/init.d
> --
> 1.8.4.2
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core



Sent with AquaMail for Android
http://www.aqua-mail.com
Andreas Oberritter - Feb. 19, 2014, 10:01 p.m.
Hello Koen,

On 19.02.2014 09:45, Koen Kooi wrote:
> diff --git a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
> index 9c0bb48..5b9ec10 100644
> --- a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
> @@ -82,6 +82,8 @@ do_install_append () {
>  	if [ "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
>  		install -d ${D}${sysconfdir}/pam.d
>  		install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config
> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config

is the first of the two new lines really necessary?

Regards,
Andreas
Koen Kooi - Feb. 20, 2014, 6:51 a.m.
Op 19 feb. 2014, om 23:01 heeft Andreas Oberritter <obi@opendreambox.org> het volgende geschreven:

> Hello Koen,
> 
> On 19.02.2014 09:45, Koen Kooi wrote:
>> diff --git a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
>> index 9c0bb48..5b9ec10 100644
>> --- a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
>> +++ b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
>> @@ -82,6 +82,8 @@ do_install_append () {
>> 	if [ "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
>> 		install -d ${D}${sysconfdir}/pam.d
>> 		install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
>> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config
>> +		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
> 
> is the first of the two new lines really necessary?

Yes, the recipe installs /etc/ssh/sshd_config in do_compile_append and  /etc/ssh/sshd_config_readonly in do_install_append.

regards,

Koen

> 
> Regards,
> Andreas
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>

Patch

diff --git a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
index 9c0bb48..5b9ec10 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.4p1.bb
@@ -82,6 +82,8 @@  do_install_append () {
 	if [ "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
 		install -d ${D}${sysconfdir}/pam.d
 		install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+		sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config
+		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
 	fi
 
 	install -d ${D}${sysconfdir}/init.d