pam: rename to libpam and add core config files

So far pam is not really functional as there no pam config files exists, here
we borrow from openembedded to setup core /etc/pam.d to make it functional:

  * change 'pam' to 'libpam' following Debian naming convention, and change
    (R)DEPENDS in other recipes

  * borrow openembedded libpam-base-files with changes:
    - rename to libpam-runtime to follow Debian naming
    - only keep common-* core files which can be traced back to Debian
      libpam-runtime-1.0.1 for license track. Other service specific files
      (such as atd, cron, ...) are removed because either they may contaminate
      the license or it's right thing to have their own packages providing them
    - use same libpam recipe instead of creating a new. This way other /etc/
      stuff are all contained by libpam-runtime

  * like openembedded, we package each pam plugin into seperate package now,
    with some differnce though:
    - Some ${sbindir} binaries are bound to specific PAM plugin. So better to
      package them together with corresponding plugin package
    - populate_sysroot_prepend is invoked before actual populate_sysroot, at
      that time ${D} binaries haven't been tripped. So it's difficult to specify
      -dev for those plugin pacakges from _prepend which are simply empty.
      actually one -dev/-doc per recipe is one good exercise here.

Signed-off-by: Kevin Tian <kevin.tian@intel.com>

meta/packages/libcap/libcap.inc

@@ -5,8 +5,7 @@ HOMEPAGE = "http://sites.google.com/site/fullycapable/"
 LICENSE = "BSD | GPL"
 LIC_FILES_CHKSUM = "file://License;md5=731de803c1ccbcb05a9b3523279c8d7f"
 
-DEPENDS = "pam attr perl-native"
-PR = "r0"
+DEPENDS = "libpam attr perl-native"
 
 SRC_URI = "${KERNELORG_MIRROR}/pub/linux/libs/security/linux-privs/libcap2/${BPN}-${PV}.tar.bz2"
 

meta/packages/libcap/libcap_2.19.bb

@@ -1,3 +1,3 @@
 require libcap.inc
 
-PR = "r0"
+PR = "r1"

meta/packages/pam/libpam-1.1.1/pam.d/common-account

@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config

meta/packages/pam/libpam-1.1.1/pam.d/common-auth

@@ -0,0 +1,18 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+
+# here are the per-package modules (the "Primary" block)
+auth	[success=1 default=ignore]	pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)

meta/packages/pam/libpam-1.1.1/pam.d/common-password

@@ -0,0 +1,26 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# here are the per-package modules (the "Primary" block)
+password	[success=1 default=ignore]	pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)

meta/packages/pam/libpam-1.1.1/pam.d/common-session

@@ -0,0 +1,19 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 

meta/packages/pam/libpam-1.1.1/pam.d/common-session-noninteractive

@@ -0,0 +1,19 @@
+#
+# /etc/pam.d/common-session-noninteractive - session-related modules
+# common to all non-interactive services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of all non-interactive sessions.
+#
+
+# here are the per-package modules (the "Primary" block)
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 

meta/packages/pam/libpam-1.1.1/pam.d/other

@@ -0,0 +1,27 @@
+#
+# /etc/pam.d/other - specify the PAM fallback behaviour
+#
+# Note that this file is used for any unspecified service; for example
+#if /etc/pam.d/cron  specifies no session modules but cron calls
+#pam_open_session, the session module out of /etc/pam.d/other is
+#used.  
+
+#If you really want nothing to happen then use pam_permit.so or
+#pam_deny.so as appropriate.
+
+# We use pam_warn.so to generate syslog notes that the 'other'
+#fallback rules are being used (as a hint to suggest you should setup
+#specific PAM rules for the service and aid to debugging). We then 
+#fall back to the system default in /etc/pam.d/common-*
+
+auth       required     pam_warn.so
+auth       include      common-auth
+
+account    required     pam_warn.so
+account    include      common-account
+
+password   required     pam_warn.so
+password   include      common-password
+
+session    required     pam_warn.so
+session    include      common-session

meta/packages/pam/libpam_1.1.1.bb

@@ -0,0 +1,77 @@
+DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), Basically, it is a flexible mechanism for authenticating users"
+HOMEPAGE = "http://www.kernel.org/pub/linux/libs/pam/"
+BUGTRACKER = "http://sourceforge.net/projects/pam/support"
+# PAM allows dual licensed under GPL and BSD.
+# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time 
+# libpam-runtime-1.0.1 is GPLv2+), by openembedded
+LICENSE = "GPLv2+ | BSD"
+PR = "r0"
+
+DEPENDS = "bison flex"
+RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
+RRECOMMENDS_${PN} = "libpam-runtime"
+
+SRC_URI = "http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
+           file://disable_crossbinary.patch \
+           file://99_pam \
+           file://pam.d/*"
+
+EXTRA_OECONF = "--with-db-uniquename=_pam \
+                --includedir=${includedir}/security \
+                --libdir=${base_libdir} \
+                --disable-regenerate-docu"
+CFLAGS_append = " -fPIC "
+
+S = "${WORKDIR}/Linux-PAM-${PV}"
+
+inherit autotools gettext
+
+PACKAGES += "${PN}-runtime"
+FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug \
+                    ${base_libdir}/security/pam_filter/.debug"
+FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
+FILES_${PN}-runtime = "${sysconfdir}"
+
+PACKAGES_DYNAMIC += " pam-plugin-*"
+
+python populate_packages_prepend () {
+	import os.path
+
+	def pam_plugin_append_file(pn, dir, file):
+		nf = os.path.join(dir, file)
+		of = bb.data.getVar('FILES_' + pn, d, True)
+		if of:
+			nf = of + " " + nf
+		bb.data.setVar('FILES_' + pn, nf, d)
+
+	dvar = bb.data.expand('${WORKDIR}/package', d, True)
+	pam_libdir = bb.data.expand('${base_libdir}/security', d)
+	pam_sbindir = bb.data.expand('${sbindir}', d)
+	pam_filterdir = bb.data.expand('${base_libdir}/security/pam_filter', d)
+
+	do_split_packages(d, pam_libdir, '^pam(.*)\.so$', 'pam-plugin%s', 'PAM plugin for %s', extra_depends='')
+	pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_chkpwd')
+	pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_update')
+	pam_plugin_append_file('pam-plugin-tally', pam_sbindir, 'pam_tally')
+	pam_plugin_append_file('pam-plugin-tally2', pam_sbindir, 'pam_tally2')
+	pam_plugin_append_file('pam-plugin-timestamp', pam_sbindir, 'pam_timestamp_check')
+	pam_plugin_append_file('pam-plugin-mkhomedir', pam_sbindir, 'mkhomedir_helper')
+	do_split_packages(d, pam_filterdir, '^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
+}
+
+do_install() {
+	autotools_do_install
+
+	# don't install /var/run when populating rootfs. Do it through volatile
+	rm -rf ${D}/var
+	install -d ${D}${sysconfdir}/default/volatiles
+	install -m 0644 ${WORKDIR}/99_pam ${D}/etc/default/volatiles
+
+	install -d ${D}${sysconfdir}/pam.d/     
+	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+}
+
+pkg_postinst_${PN} () {
+        /etc/init.d/populate-volatile.sh update
+}

meta/packages/polkit/polkit_0.96.bb

@@ -6,9 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
                     file://docs/polkit/html/license.html;md5=4c17ef1587e0f096c82157160d4e340e"
 
 SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz"
-PR="r1"
-DEPENDS = "pam expat dbus-glib eggdbus intltool"
-RDEPENDS = "pam"
+PR = "r2"
+DEPENDS = "libpam expat dbus-glib eggdbus intltool"
+RDEPENDS = "libpam"
 EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
 
 inherit autotools pkgconfig