From 10ddab4186f53362592ab4888ced1e95fcc22a74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Thu, 31 Aug 2006 20:51:59 +0000 Subject: [PATCH] - upgrade to new upstream version, as there are mostly bugfixes except improved documentation - add support for session and password service for pam_access and pam_succeed_if - system-auth: skip session pam_unix for crond service --- .cvsignore | 2 +- pam-0.99.6.2-selinux-keycreate.patch | 42 ++++++++++++++++++++ pam.spec | 57 +++++++++++++--------------- sources | 2 +- system-auth.pamd | 1 + 5 files changed, 72 insertions(+), 32 deletions(-) create mode 100644 pam-0.99.6.2-selinux-keycreate.patch diff --git a/.cvsignore b/.cvsignore index 90529c6..b7626c0 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,3 @@ db-4.3.29.tar.gz -Linux-PAM-0.99.5.0.tar.bz2 pam-redhat-0.99.6-1.tar.bz2 +Linux-PAM-0.99.6.2.tar.bz2 diff --git a/pam-0.99.6.2-selinux-keycreate.patch b/pam-0.99.6.2-selinux-keycreate.patch new file mode 100644 index 0000000..9747b0b --- /dev/null +++ b/pam-0.99.6.2-selinux-keycreate.patch 
@@ -0,0 +1,42 @@
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200
+@@ -391,6 +391,28 @@
+ pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
+ (const char *)username, user_context);
+ }
++#ifdef HAVE_SETKEYCREATECON
++ ret = setkeycreatecon(user_context);
++ if (ret==0 && verbose) {
++ char msg[PATH_MAX];
++ snprintf(msg, sizeof(msg),
++ _("Key Creation Context %s Assigned"), user_context);
++ verbose_message(pamh, msg, debug);
++ }
++ if (ret) {
++ pam_syslog(pamh, LOG_ERR,
++ "Error! Unable to set %s key creation context %s.",
++ (const char *)username, user_context);
++ if (security_getenforce() == 1) {
++ freecon(user_context);
++ return PAM_AUTH_ERR;
++ }
++ } else {
++ if (debug)
++ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
++ (const char *)username, user_context);
++ }
++#endif
+ freecon(user_context);
+
+ return PAM_SUCCESS;
+--- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200
+@@ -397,7 +397,7 @@
+ AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+ AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+ AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
+
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
diff --git a/pam.spec b/pam.spec
index 743493a..089bc4d 100644
--- a/pam.spec
+++ b/pam.spec
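Review bot: In the added `setkeycreatecon()` failure branch of pam_selinux.c (new file pam-0.99.6.2-selinux-keycreate.patch), `security_getenforce() == 1` treats an error return (-1) the same as permissive mode, so a failure to read the enforcing state lets the session continue with the key creation context unset. If the surrounding function already guarantees SELinux is enabled at this point (it begins outside the hunk, so this is not visible), `if (security_getenforce() != 0) {` would fail closed instead. Separately, the configure.in part adds `setkeycreatecon` to a generic `AC_CHECK_FUNCS` list; if libselinux is not in `LIBS` when that check runs, `HAVE_SETKEYCREATECON` stays undefined and the whole block is compiled out without any warning, so it is worth confirming the define in the generated config.h of a real build.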
@@ -10,12 +10,12 @@ Summary: A security tool which provides authentication for applications Name: pam -Version: 0.99.5.0 -Release: 8%{?dist} +Version: 0.99.6.2 +Release: 1%{?dist} License: GPL or BSD Group: System Environment/Base -Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 -Source1: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign +Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 +Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign Source2: pam-redhat-%{pam_redhat_version}.tar.bz2 Source4: db-%{db_version}.tar.gz Source5: other.pamd @@ -26,22 +26,14 @@ Source9: system-auth.5 Source10: config-util.5 Patch1: pam-0.99.5.0-redhat-modules.patch Patch21: pam-0.78-unix-hpux-aging.patch -Patch28: pam-0.75-sgml2latex.patch Patch34: pam-0.99.4.0-dbpam.patch Patch70: pam-0.99.2.1-selinux-nofail.patch Patch80: pam-0.99.5.0-selinux-drop-multiple.patch Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch Patch82: pam-0.99.3.0-tally-fail-close.patch -Patch83: pam-0.99.4.0-succif-service.patch -Patch84: pam-0.99.5.0-access-gai.patch -Patch85: pam-0.99.5.0-selinux-enoent.patch -Patch86: pam-0.99.5.0-console-no-ainit.patch -Patch87: pam-0.99.5.0-keyinit-no-debug.patch -Patch88: pam-0.99.5.0-keyinit-multiinit.patch -Patch89: pam-0.99.5.0-keyinit-revoke-user.patch -Patch90: pam-0.99.5.0-namespace-init.patch -Patch91: pam-0.99.5.0-succif-unknown-user.patch -Patch92: pam-0.99.5.0-selinux-keycreate.patch +Patch83: pam-0.99.5.0-console-no-ainit.patch +Patch84: pam-0.99.6.2-selinux-keycreate.patch +Patch85: pam-0.99.6.0-succif-session.patch BuildRoot: %{_tmppath}/%{name}-root Requires: cracklib, cracklib-dicts >= 2.8 
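Review bot: The new `Source0`/`Source1` URLs in the first pam.spec hunk use plain `http://`, and although `Source1` is the upstream `.sign` file, no step visible in this patch checks the tarball against it, so integrity appears to rest on the MD5 entry in `sources` alone. The start of `%prep` is outside the hunks shown, so a check may exist there; if it does not, a comment above the two lines would at least record the expectation, e.g. `# Source1 is the upstream detached signature for Source0; verify it before updating the sources checksum`.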
@@ -95,26 +87,15 @@ cp %{SOURCE7} . %patch1 -p1 -b .redhat-modules %patch21 -p1 -b .unix-hpux-aging -%patch28 -p1 -b .doc %patch34 -p1 -b .dbpam %patch70 -p1 -b .nofail %patch80 -p1 -b .drop-multiple %patch81 -p1 -b .try-first-pass %patch82 -p1 -b .fail-close -%patch83 -p1 -b .service -%patch84 -p0 -b .gai -%patch85 -p1 -b .enoent -%patch86 -p1 -b .no-ainit -%patch87 -p1 -b .no-debug -%patch88 -p1 -b .multiinit -%patch89 -p1 -b .revoke-user -%patch90 -p1 -b .namespace-init -%patch91 -p1 -b .unknown-user -%patch92 -p1 -b .keycreate +%patch83 -p1 -b .no-ainit +%patch84 -p1 -b .keycreate +%patch85 -p0 -b .session -for readme in modules/pam_*/README ; do - cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` -done autoreconf %build @@ -157,6 +138,12 @@ make %install rm -rf $RPM_BUILD_ROOT + +mkdir -p doc/txts +for readme in modules/pam_*/README ; do + cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` +done + # Install the binaries, libraries, and modules. make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=: @@ -284,7 +271,8 @@ fi %config(noreplace) /etc/pam.d/system-auth %config(noreplace) /etc/pam.d/config-util %doc Copyright -%doc doc/html doc/txts +%doc doc/txts +%doc doc/sag/*.txt doc/sag/html %doc doc/specs/rfc86.0.txt /%{_lib}/libpam.so.* /%{_lib}/libpamc.so.* @@ -375,8 +363,17 @@ fi %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so +%doc doc/mwg/*.txt doc/mwg/html +%doc doc/adg/*.txt doc/adg/html %changelog +* Thu Aug 31 2006 Tomas Mraz 0.99.6.2-1 +- upgrade to new upstream version, as there are mostly bugfixes except + improved documentation +- add support for session and password service for pam_access and + pam_succeed_if +- system-auth: skip session pam_unix for crond service + * Thu Aug 10 2006 Dan Walsh 0.99.5.0-8 - Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context diff --git a/sources b/sources index 9c32e3b..7b15af9 100644 --- a/sources +++ b/sources 
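Review bot: The `%prep` hunk drops the `%patch` lines for several behaviour-changing patches (selinux-enoent, keyinit-revoke-user, keyinit-multiinit, namespace-init, succif-unknown-user, access-gai), and the new `%changelog` entry does not say they were merged upstream in 0.99.6.2. That is presumably the reason, but a later reviewer cannot confirm it from the package history; a changelog line such as `- drop patches merged upstream (selinux-enoent, keyinit-*, namespace-init, succif-unknown-user, access-gai)` would record it. As a style point, `%patch85 -p0 -b .session` is the only patch applied with `-p0` in the new list, so a short comment on why its strip level differs would help.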
@@ -1,3 +1,3 @@ 13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz -dbc8608b2a9bc6b8cf50dd1fbc68cf3b Linux-PAM-0.99.5.0.tar.bz2 2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2 +52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2 diff --git a/system-auth.pamd b/system-auth.pamd index c044952..764ad8d 100644 --- a/system-auth.pamd +++ b/system-auth.pamd @@ -13,4 +13,5 @@ password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so +session [success=1 default=ignore] pam_succeed_if.so service in crond session required pam_unix.so
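Review bot: The added system-auth.pamd line `session [success=1 default=ignore] pam_succeed_if.so service in crond` skips exactly one following module, so it is correct only while `session required pam_unix.so` stays immediately after it; a module inserted between the two later would be skipped for cron instead, with no error. A comment above the line would protect the ordering, e.g. `# crond: skip the next line (pam_unix session); keep these two lines adjacent`. pam_succeed_if also logs each unmet condition unless `quiet` is given, so every non-cron session is likely to add a syslog entry; consider appending `quiet` to the line.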