- upgrade to new upstream version, as there are mostly bugfixes except

improved documentation - add support for session and password service for pam_access and pam_succeed_if - system-auth: skip session pam_unix for crond service
2006-08-31 20:51:59 +00:00 · 2006-08-31 20:51:59 +00:00 · 10ddab4186
commit 10ddab4186
parent e3f2d52037
5 changed files with 72 additions and 32 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,3 +1,3 @@
 db-4.3.29.tar.gz
-Linux-PAM-0.99.5.0.tar.bz2
 pam-redhat-0.99.6-1.tar.bz2
+Linux-PAM-0.99.6.2.tar.bz2
--- a/pam-0.99.6.2-selinux-keycreate.patch
+++ b/pam-0.99.6.2-selinux-keycreate.patch
@ -0,0 +1,42 @@
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate	2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c	2006-08-31 19:01:05.000000000 +0200
+@@ -391,6 +391,28 @@
+       pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
+ 		 (const char *)username, user_context);
+   }
+#ifdef HAVE_SETKEYCREATECON
+  ret = setkeycreatecon(user_context);
+  if (ret==0 && verbose) {
+    char msg[PATH_MAX];
+    snprintf(msg, sizeof(msg),
+	     _("Key Creation Context %s Assigned"), user_context);
+    verbose_message(pamh, msg, debug);
+  }
+  if (ret) {
+    pam_syslog(pamh, LOG_ERR,
+	       "Error!  Unable to set %s key creation context %s.",
+	       (const char *)username, user_context);
+    if (security_getenforce() == 1) {
+       freecon(user_context);
+       return PAM_AUTH_ERR;
+    }
+  } else {
+    if (debug)
+      pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
+		 (const char *)username, user_context);
+  }
+#endif
+   freecon(user_context);
+ 
+   return PAM_SUCCESS;
+--- Linux-PAM-0.99.6.2/configure.in.keycreate	2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/configure.in	2006-08-31 18:59:52.000000000 +0200
+@@ -397,7 +397,7 @@
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
+AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
+ 
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
--- a/pam.spec
+++ b/pam.spec
@ -10,12 +10,12 @@

 Summary: A security tool which provides authentication for applications
 Name: pam
-Version: 0.99.5.0
-Release: 8%{?dist}
+Version: 0.99.6.2
+Release: 1%{?dist}
 License: GPL or BSD
 Group: System Environment/Base
-Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
-Source1: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
+Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
+Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
 Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
 Source4: db-%{db_version}.tar.gz
 Source5: other.pamd
@ -26,22 +26,14 @@ Source9: system-auth.5
 Source10: config-util.5
 Patch1: pam-0.99.5.0-redhat-modules.patch
 Patch21: pam-0.78-unix-hpux-aging.patch
-Patch28: pam-0.75-sgml2latex.patch
 Patch34: pam-0.99.4.0-dbpam.patch
 Patch70: pam-0.99.2.1-selinux-nofail.patch
 Patch80: pam-0.99.5.0-selinux-drop-multiple.patch
 Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch82: pam-0.99.3.0-tally-fail-close.patch
-Patch83: pam-0.99.4.0-succif-service.patch
-Patch84: pam-0.99.5.0-access-gai.patch
-Patch85: pam-0.99.5.0-selinux-enoent.patch
-Patch86: pam-0.99.5.0-console-no-ainit.patch
-Patch87: pam-0.99.5.0-keyinit-no-debug.patch
-Patch88: pam-0.99.5.0-keyinit-multiinit.patch
-Patch89: pam-0.99.5.0-keyinit-revoke-user.patch
-Patch90: pam-0.99.5.0-namespace-init.patch
-Patch91: pam-0.99.5.0-succif-unknown-user.patch
-Patch92: pam-0.99.5.0-selinux-keycreate.patch
+Patch83: pam-0.99.5.0-console-no-ainit.patch
+Patch84: pam-0.99.6.2-selinux-keycreate.patch
+Patch85: pam-0.99.6.0-succif-session.patch

 BuildRoot: %{_tmppath}/%{name}-root
 Requires: cracklib, cracklib-dicts >= 2.8
@ -95,26 +87,15 @@ cp %{SOURCE7} .

 %patch1 -p1 -b .redhat-modules
 %patch21 -p1 -b .unix-hpux-aging
-%patch28 -p1 -b .doc
 %patch34 -p1 -b .dbpam
 %patch70 -p1 -b .nofail
 %patch80 -p1 -b .drop-multiple
 %patch81 -p1 -b .try-first-pass
 %patch82 -p1 -b .fail-close
-%patch83 -p1 -b .service
-%patch84 -p0 -b .gai
-%patch85 -p1 -b .enoent
-%patch86 -p1 -b .no-ainit
-%patch87 -p1 -b .no-debug
-%patch88 -p1 -b .multiinit
-%patch89 -p1 -b .revoke-user
-%patch90 -p1 -b .namespace-init
-%patch91 -p1 -b .unknown-user
-%patch92 -p1 -b .keycreate
+%patch83 -p1 -b .no-ainit
+%patch84 -p1 -b .keycreate
+%patch85 -p0 -b .session

-for readme in modules/pam_*/README ; do
-	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
-done
 autoreconf

 %build
@ -157,6 +138,12 @@ make

 %install
 rm -rf $RPM_BUILD_ROOT
+
+mkdir -p doc/txts
+for readme in modules/pam_*/README ; do
+	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
+done
+
 # Install the binaries, libraries, and modules.
 make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:

@ -284,7 +271,8 @@ fi
 %config(noreplace) /etc/pam.d/system-auth
 %config(noreplace) /etc/pam.d/config-util
 %doc Copyright
-%doc doc/html doc/txts
+%doc doc/txts
+%doc doc/sag/*.txt doc/sag/html
 %doc doc/specs/rfc86.0.txt
 /%{_lib}/libpam.so.*
 /%{_lib}/libpamc.so.*
@ -375,8 +363,17 @@ fi
 %{_libdir}/libpam.so
 %{_libdir}/libpamc.so
 %{_libdir}/libpam_misc.so
+%doc doc/mwg/*.txt doc/mwg/html
+%doc doc/adg/*.txt doc/adg/html

 %changelog
+* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
+- upgrade to new upstream version, as there are mostly bugfixes except
+  improved documentation
+- add support for session and password service for pam_access and
+  pam_succeed_if
+- system-auth: skip session pam_unix for crond service
+
 * Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
 - Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context

--- a/2
+++ b/2
@ -1,3 +1,3 @@
 13585a20ce32f113b8e8cdb57f52e3bb  db-4.3.29.tar.gz
-dbc8608b2a9bc6b8cf50dd1fbc68cf3b  Linux-PAM-0.99.5.0.tar.bz2
 2dc76a335ddf9e4259aa4e00e5ebaf61  pam-redhat-0.99.6-1.tar.bz2
+52844c64efa6f8b6a9ed702eec341a4c  Linux-PAM-0.99.6.2.tar.bz2
--- a/system-auth.pamd
+++ b/system-auth.pamd
@ -13,4 +13,5 @@ password    required      pam_deny.so

 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond
 session     required      pam_unix.so