Add support for building minimal PAM chains.pambase-20100925pambase-20100903

When setting the MINIMAL flag on, the generated PAM chains will not use
tally, motd, mail or lastlog modules, making th elogin quiet and skipping
over the update of the login files.

3 files changed, 20 insertions, 8 deletions

diff --git a/Makefile b/Makefile
index 18a30d2..31482e8 100644
--- a/Makefile
+++ b/Makefile
@@ -56,6 +56,10 @@ ifeq "$(DEBUG)" "yes"
 PAMFLAGS += -DDEBUG=debug
 endif
 
+ifeq "$(MINIMAL)" "yes"
+PAMFLAGS += -DMINIMAL
+endif
+
 all: $(PAMD)
 
 install: $(PAMD)
diff --git a/linux-pam-conf b/linux-pam-conf
index b5db3c3..7d3d07e 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -2,23 +2,29 @@
 #define HAVE_ENV			1
 #define HAVE_ACCESS			1
 #define HAVE_SHELLS			1
-#define HAVE_MOTD			1
-#define HAVE_MAIL			1
+
 #define SUPPORT_UNIX_SESSION		1
 #define SUPPORT_NOLOGIN_ACCOUNT		1
 #define SUPPORT_NOLOGIN_AUTH		1
 
+#if !MINIMAL
+# define HAVE_MOTD			1
+# define HAVE_MAIL			1
+# define HAVE_LASTLOG                   1
+
+# if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
+#  define TALLY_MODULE pam_tally2.so
+# else
+#  define TALLY_MODULE pam_tally.so
+# endif
+
+#endif
+
 #if WANT_SHA512
 # define UNIX_EXTENDED_ENCRYPTION	sha512 shadow
 #else
 # define UNIX_EXTENDED_ENCRYPTION	md5 shadow
 #endif
 
-#if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
-# define TALLY_MODULE pam_tally2.so
-#else
-# define TALLY_MODULE pam_tally.so
-#endif
-
 #define LIKEAUTH likeauth
 #define DEBUG_NOLOGIN
diff --git a/system-login.in b/system-login.in
index e44c9af..3073a10 100644
--- a/system-login.in
+++ b/system-login.in
@@ -37,7 +37,9 @@ session		required	pam_selinux.so close
 #if HAVE_ENV
 session		required	pam_env.so DEBUG
 #endif
+#if HAVE_LASTLOG
 session		optional	pam_lastlog.so DEBUG
+#endif
 session		include		system-auth
 #if HAVE_CONSOLEKIT
 session		optional	pam_ck_connector.so nox11