Merge pull request #2192 from brauner/2018-02-26/enable_pam_flag

configure: add --enable-pam
2025-07-23 16:05:42 +00:00 · 2018-02-26 12:11:13 -05:00 · 2018-02-26 12:11:13 -05:00 · d4feae43a6
commit d4feae43a6
parent 378ad0a07b f7a8609fab
3 changed files with 2655 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -607,6 +607,43 @@ else
 fi
 AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"])

+# Configuration examples
+AC_ARG_ENABLE([pam],
+	[AC_HELP_STRING([--enable-pam], [enable pam module [default=no]])],
+	[], [enable_pam=no])
+AM_CONDITIONAL([ENABLE_PAM], [test "x$enable_pam" = "xyes"])
+
+AM_COND_IF([ENABLE_PAM],
+	[AC_ARG_WITH(
+		[pamdir],
+		[AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM modules are stored,
+							or "none" if PAM modules are not to be built])],
+		[pamdir="${withval}"],
+		[
+			if test "${prefix}" = "/usr"; then
+				pamdir="/lib${libdir##*/lib}/security"
+			else
+				pamdir="\$(libdir)/security"
+			fi
+		]
+	)])
+
+AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"])
+AM_COND_IF([ENABLE_PAM],
+	[if test "z$pamdir" != "znone"; then
+		AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
+		AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
+		AC_CHECK_LIB(
+			[pam],
+			[pam_authenticate],
+			[PAM_LIBS="-lpam"],
+			[AC_MSG_ERROR([*** libpam not found.])
+			])
+
+		AC_SUBST(PAM_LIBS)
+		AC_SUBST([pamdir])
+	fi])
+
 # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP
 AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include <sys/prctl.h>])

@ -927,6 +964,10 @@ Security features:
 - seccomp: $enable_seccomp
 - SELinux: $enable_selinux

+PAM:
+ - PAM module: $enable_pam
+ - cgroup PAM module: $pamdir
+
 Bindings:
 - lua: $enable_lua
 - python3: $enable_python
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@ -305,6 +305,16 @@ init_lxc_static_LDADD = @CAP_LIBS@
 init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF
 endif

+if ENABLE_PAM
+if HAVE_PAM
+pam_LTLIBRARIES = pam_cgfs.la
+pam_cgfs_la_SOURCES = pam/pam_cgfs.c macro.h
+pam_cgfs_la_CFLAGS = $(AM_CFLAGS)
+pam_cgfs_la_LIBADD = $(AM_LIBS) $(PAM_LIBS) -L$(top_srcdir)
+pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) -module -avoid-version -shared
+endif
+endif
+
 install-exec-local: install-libLTLIBRARIES
 	mkdir -p $(DESTDIR)$(datadir)/lxc
 	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
@ -319,3 +329,12 @@ install-exec-hook:

 uninstall-local:
 	$(RM) $(DESTDIR)$(libdir)/liblxc.so*
+if ENABLE_PAM
+if HAVE_PAM
+	$(RM) $(DESTDIR)$(pamdir)/pam_cgfs.so*
+
+install-data-hook: install-pamLTLIBRARIES
+	$(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.la"
+	$(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.a"
+endif
+endif
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c