Improve PAM service file to use Arch Linux system-remote-login

3 files changed, 21 insertions, 27 deletions

diff --git a/.SRCINFO b/.SRCINFO
index bf27e960a928..8f11038f73ac 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = php-pam
 	pkgdesc = This extension provides PAM (Pluggable Authentication Modules) integration in PHP.
 	pkgver = 2.1.0
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/amishmm/php-pam
 	arch = i686
 	arch = x86_64
@@ -10,10 +10,9 @@ pkgbase = php-pam
 	depends = php>=7.2.0
 	depends = pam
 	depends = php-pear
+	backup = etc/pam.d/php
 	source = php-pam-2.1.0.tar.gz::https://github.com/amishmm/php-pam/archive/v2.1.0.tar.gz
-	source = php
 	md5sums = 0182234a17611e79f537c0b16927fe8e
-	md5sums = 5fb207f61ff94b0cc7a2dcc1e3c1c388
 
 pkgname = php-pam
 
diff --git a/PKGBUILD b/PKGBUILD
index a316c0682767..a59c777b6265 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,17 +3,16 @@
 
 pkgname=php-pam
 pkgver=2.1.0
-pkgrel=1
+pkgrel=2
 pkgdesc="This extension provides PAM (Pluggable Authentication Modules) integration in PHP."
 arch=('i686' 'x86_64')
 url="https://github.com/amishmm/php-pam"
 license=('PHP')
 depends=('php>=7.2.0' 'pam' 'php-pear')
 makedepends=('autoconf')
-#install=php-pam.install
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz" php)
-md5sums=('0182234a17611e79f537c0b16927fe8e'
-         '5fb207f61ff94b0cc7a2dcc1e3c1c388')
+source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz")
+md5sums=('0182234a17611e79f537c0b16927fe8e')
+backup=('etc/pam.d/php')
 
 build() {
   cd "${pkgname}-${pkgver}"
@@ -25,7 +24,20 @@ build() {
 package() {
   cd "${pkgname}-${pkgver}"
   make INSTALL_ROOT="${pkgdir}" install
-  echo -e "extension=pam.so;\npam.servicename=\"php\";" | \
+
+  echo -e "extension=pam.so;\npam.servicename=\"php\";\npam.force_servicename=0;" | \
     install -Dm644 /dev/stdin "${pkgdir}/etc/php/conf.d/pam.ini"
-  install -Dm644 "${srcdir}/php" ${pkgdir}/etc/pam.d/php
+
+  # use archlinux's own system-remote-login as PAM service
+  # because that is expected to be well tested for security
+  # and all future modifications will also automatically apply
+  # NOTE: content copied from /etc/pam.d/sshd
+  install -Dm644 /dev/stdin "${pkgdir}/etc/pam.d/php" << 'EOF'
+#%PAM-1.0
+#auth     required  pam_securetty.so     #disable remote root
+auth      include   system-remote-login
+account   include   system-remote-login
+password  include   system-remote-login
+session   include   system-remote-login
+EOF
 }
diff --git a/php b/php
deleted file mode 100644
index f1feae4d01fd..000000000000
--- a/php
+++ /dev/null
@@ -1,17 +0,0 @@
-#%PAM-1.0
-auth required pam_securetty.so
-auth requisite pam_nologin.so
-auth required pam_unix.so nullok
-auth required pam_tally.so onerr=succeed file=/var/log/faillog
-# use this to lockout accounts for 10 minutes after 3 failed attempts
-#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
-account required pam_access.so
-account required pam_time.so
-account required pam_unix.so
-session required pam_unix.so
-session required pam_env.so
-session required pam_motd.so
-session required pam_limits.so
-session optional pam_lastlog.so
-session optional pam_loginuid.so
-