remove pam.d configuration files

pam configuration files are not portable, its the job of the package maintainer or user who builds opendoas themselves to configure pam in a safe and usable way.
Duncaen · Jan 28, 2021 · cfa9f0d · cfa9f0d
1 parent 24b1a95
commit cfa9f0d
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 20 deletions.
diff --git a/GNUmakefile b/GNUmakefile
@@ -15,16 +15,13 @@ OBJS:=	${OBJS:.c=.o}
 ${PROG}: ${OBJS}
 	${CC} ${CFLAGS} $^ -o $@ ${LDFLAGS} ${LDLIBS}
 
-install: ${PROG} ${PAM_DOAS} ${MAN}
+install: ${PROG} ${MAN}
 	mkdir -p -m 0755 ${DESTDIR}${BINDIR}
-	[ -n "${PAM_DOAS}" ] && mkdir -p -m 0755 ${DESTDIR}${PAMDIR} || true
 	mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man1
 	mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man5
 	cp -f ${PROG} ${DESTDIR}${BINDIR}
 	chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG}
 	chmod ${BINMODE} ${DESTDIR}${BINDIR}/${PROG}
-	[ -n "${PAM_DOAS}" ] && cp ${PAM_DOAS} ${DESTDIR}${PAMDIR}/doas || true
-	[ -n "${PAM_DOAS}" ] && chmod 0644 ${DESTDIR}${PAMDIR}/doas || true
 	cp -f doas.1 ${DESTDIR}${MANDIR}/man1
 	cp -f doas.conf.5 ${DESTDIR}${MANDIR}/man5
 

diff --git a/README.md b/README.md
@@ -29,6 +29,18 @@ from openssh (`readpassphrase.c`) or from sudo (`closefrom.c`).
 
 The PAM and shadow authentication code does not come from the OpenBSD project.
 
+### pam configuration
+
+I will not ship pam configuration files, they are distribution specific and
+its simply not safe or productive to ship and install those files.
+
+If you want to use opendoas on your system and there is no package that
+ships with a working pam configuration file, then you have to write and
+test it yourself.
+
+A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
+file.
+
 ### Perist/Timestamp/Timeout
 
 The persist feature is disabled by default and can be enabled with the configure

diff --git a/configure b/configure
@@ -15,7 +15,6 @@ usage: configure [options]
   --datadir=DIR          architecture-independent data files [PREFIX/share]
   --mandir=DIR           manual pages [DATADIR/man]
   --sysconfdir=DIR       directory for configuration files [/etc]
-  --pamdir=DIR           PAM directory [SYSCONFDIR/pam.d]
 
   --build=build-alias    a cpu-vendor-opsys for the system where the application will be built
   --host=host-alias      a cpu-vendor-opsys for the system where the application will run
@@ -52,7 +51,6 @@ for x; do
 	--datadir) SHAREDIR=$var ;;
 	--mandir) MANDIR=$var ;;
 	--sysconfdir) SYSCONFDIR=$var ;;
-	--pamdir) PAMDIR=$var ;;
 	--build) BUILD=$var ;;
 	--host) HOST=$var ;;
 	--target) TARGET=$var ;;
@@ -134,7 +132,6 @@ esac
 : ${SHAREDIR:=${PREFIX}/share}
 : ${MANDIR:=${SHAREDIR}/man}
 : ${SYSCONFDIR:=/etc}
-: ${PAMDIR:=${SYSCONFDIR}/pam.d}
 : ${BINMODE:=4755}
 : ${BINOWN:=root}
 : ${BINGRP:=root}
@@ -146,7 +143,6 @@ BINDIR   ?=	${BINDIR}
 SHAREDIR ?=	${SHAREDIR}
 MANDIR   ?=	${MANDIR}
 SYSCONFDIR?=	${SYSCONFDIR}
-PAMDIR   ?=	${PAMDIR}
 BINMODE  ?=	${BINMODE}
 BINOWN  ?=	${BINOWN}
 BINGRP  ?=	${BINGRP}
@@ -203,9 +199,6 @@ int main(void) {
 		printf 'LDLIBS +=	-lpam\n' >>$CONFIG_MK
 		printf '#define USE_PAM\n' >>$CONFIG_H
 		printf 'pam\n'
-
-		pam_file="pam.d__doas__${OS}"
-		[ -e "$pam_file" ] && printf 'PAM_DOAS  =	%s\n' "$pam_file" >>$CONFIG_MK
 		return 0
 	}
 

diff --git a/pam.d__doas__darwin b/pam.d__doas__darwin
diff --git a/pam.d__doas__linux b/pam.d__doas__linux