- upgrade to new upstream version, as there are mostly bugfixes except
improved documentation - add support for session and password service for pam_access and pam_succeed_if - system-auth: skip session pam_unix for crond service
parent
e3f2d52037
commit
10ddab4186
@ -1,3 +1,3 @@
|
|||||||
db-4.3.29.tar.gz
|
db-4.3.29.tar.gz
|
||||||
Linux-PAM-0.99.5.0.tar.bz2
|
|
||||||
pam-redhat-0.99.6-1.tar.bz2
|
pam-redhat-0.99.6-1.tar.bz2
|
||||||
|
Linux-PAM-0.99.6.2.tar.bz2
|
||||||
|
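--- a/pam-0.99.6.2-selinux-keycreate.patch
+++ b/pam-0.99.6.2-selinux-keycreate.patch
@@ -0,0 +1,42 @@
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200
+@@ -391,6 +391,28 @@
+pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
+(const char *)username, user_context);
+}
++#ifdef HAVE_SETKEYCREATECON
++ ret = setkeycreatecon(user_context);
++ if (ret==0 && verbose) {
++ char msg[PATH_MAX];
++ snprintf(msg, sizeof(msg),
++ _("Key Creation Context %s Assigned"), user_context);
++ verbose_message(pamh, msg, debug);
++ }
++ if (ret) {
++ pam_syslog(pamh, LOG_ERR,
++ "Error! Unable to set %s key creation context %s.",
++ (const char *)username, user_context);
++ if (security_getenforce() == 1) {
++ freecon(user_context);
++ return PAM_AUTH_ERR;
++ }
++ } else {
++ if (debug)
++ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
++ (const char *)username, user_context);
++ }
++#endif
+freecon(user_context);
+
+return PAM_SUCCESS;
+--- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200
+@@ -397,7 +397,7 @@
+AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
+
+AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])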
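Review bot: The enforcing test inside the new `if (ret)` branch fails open when the SELinux mode cannot be read: `security_getenforce()` returns -1 on error, and `== 1` treats that the same as permissive, so the session continues after a failed `setkeycreatecon()` with only a log line, presumably leaving new keys with the default context. Testing `if (security_getenforce() != 0)` would deny in that case as well. The `LOG_ERR` message would be easier to triage with the errno text appended, e.g. `"Error! Unable to set %s key creation context %s: %m"`. The enclosing function starts and ends outside the hunk; if it is the session-open entry point, `PAM_SESSION_ERR` may describe the failure better than `PAM_AUTH_ERR`, but it should stay consistent with the error returns earlier in the function.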
57
pam.spec
57
pam.spec
@ -10,12 +10,12 @@
|
|||||||
|
|
||||||
Summary: A security tool which provides authentication for applications
|
Summary: A security tool which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 0.99.5.0
|
Version: 0.99.6.2
|
||||||
Release: 8%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL or BSD
|
License: GPL or BSD
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
||||||
Source1: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
|
Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
|
||||||
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
|
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
|
||||||
Source4: db-%{db_version}.tar.gz
|
Source4: db-%{db_version}.tar.gz
|
||||||
Source5: other.pamd
|
Source5: other.pamd
|
||||||
@ -26,22 +26,14 @@ Source9: system-auth.5
|
|||||||
Source10: config-util.5
|
Source10: config-util.5
|
||||||
Patch1: pam-0.99.5.0-redhat-modules.patch
|
Patch1: pam-0.99.5.0-redhat-modules.patch
|
||||||
Patch21: pam-0.78-unix-hpux-aging.patch
|
Patch21: pam-0.78-unix-hpux-aging.patch
|
||||||
Patch28: pam-0.75-sgml2latex.patch
|
|
||||||
Patch34: pam-0.99.4.0-dbpam.patch
|
Patch34: pam-0.99.4.0-dbpam.patch
|
||||||
Patch70: pam-0.99.2.1-selinux-nofail.patch
|
Patch70: pam-0.99.2.1-selinux-nofail.patch
|
||||||
Patch80: pam-0.99.5.0-selinux-drop-multiple.patch
|
Patch80: pam-0.99.5.0-selinux-drop-multiple.patch
|
||||||
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
|
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
|
||||||
Patch82: pam-0.99.3.0-tally-fail-close.patch
|
Patch82: pam-0.99.3.0-tally-fail-close.patch
|
||||||
Patch83: pam-0.99.4.0-succif-service.patch
|
Patch83: pam-0.99.5.0-console-no-ainit.patch
|
||||||
Patch84: pam-0.99.5.0-access-gai.patch
|
Patch84: pam-0.99.6.2-selinux-keycreate.patch
|
||||||
Patch85: pam-0.99.5.0-selinux-enoent.patch
|
Patch85: pam-0.99.6.0-succif-session.patch
|
||||||
Patch86: pam-0.99.5.0-console-no-ainit.patch
|
|
||||||
Patch87: pam-0.99.5.0-keyinit-no-debug.patch
|
|
||||||
Patch88: pam-0.99.5.0-keyinit-multiinit.patch
|
|
||||||
Patch89: pam-0.99.5.0-keyinit-revoke-user.patch
|
|
||||||
Patch90: pam-0.99.5.0-namespace-init.patch
|
|
||||||
Patch91: pam-0.99.5.0-succif-unknown-user.patch
|
|
||||||
Patch92: pam-0.99.5.0-selinux-keycreate.patch
|
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-root
|
BuildRoot: %{_tmppath}/%{name}-root
|
||||||
Requires: cracklib, cracklib-dicts >= 2.8
|
Requires: cracklib, cracklib-dicts >= 2.8
|
||||||
@ -95,26 +87,15 @@ cp %{SOURCE7} .
|
|||||||
|
|
||||||
%patch1 -p1 -b .redhat-modules
|
%patch1 -p1 -b .redhat-modules
|
||||||
%patch21 -p1 -b .unix-hpux-aging
|
%patch21 -p1 -b .unix-hpux-aging
|
||||||
%patch28 -p1 -b .doc
|
|
||||||
%patch34 -p1 -b .dbpam
|
%patch34 -p1 -b .dbpam
|
||||||
%patch70 -p1 -b .nofail
|
%patch70 -p1 -b .nofail
|
||||||
%patch80 -p1 -b .drop-multiple
|
%patch80 -p1 -b .drop-multiple
|
||||||
%patch81 -p1 -b .try-first-pass
|
%patch81 -p1 -b .try-first-pass
|
||||||
%patch82 -p1 -b .fail-close
|
%patch82 -p1 -b .fail-close
|
||||||
%patch83 -p1 -b .service
|
%patch83 -p1 -b .no-ainit
|
||||||
%patch84 -p0 -b .gai
|
%patch84 -p1 -b .keycreate
|
||||||
%patch85 -p1 -b .enoent
|
%patch85 -p0 -b .session
|
||||||
%patch86 -p1 -b .no-ainit
|
|
||||||
%patch87 -p1 -b .no-debug
|
|
||||||
%patch88 -p1 -b .multiinit
|
|
||||||
%patch89 -p1 -b .revoke-user
|
|
||||||
%patch90 -p1 -b .namespace-init
|
|
||||||
%patch91 -p1 -b .unknown-user
|
|
||||||
%patch92 -p1 -b .keycreate
|
|
||||||
|
|
||||||
for readme in modules/pam_*/README ; do
|
|
||||||
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
|
||||||
done
|
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -157,6 +138,12 @@ make
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
mkdir -p doc/txts
|
||||||
|
for readme in modules/pam_*/README ; do
|
||||||
|
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
||||||
|
done
|
||||||
|
|
||||||
# Install the binaries, libraries, and modules.
|
# Install the binaries, libraries, and modules.
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
|
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
|
||||||
|
|
||||||
@ -284,7 +271,8 @@ fi
|
|||||||
%config(noreplace) /etc/pam.d/system-auth
|
%config(noreplace) /etc/pam.d/system-auth
|
||||||
%config(noreplace) /etc/pam.d/config-util
|
%config(noreplace) /etc/pam.d/config-util
|
||||||
%doc Copyright
|
%doc Copyright
|
||||||
%doc doc/html doc/txts
|
%doc doc/txts
|
||||||
|
%doc doc/sag/*.txt doc/sag/html
|
||||||
%doc doc/specs/rfc86.0.txt
|
%doc doc/specs/rfc86.0.txt
|
||||||
/%{_lib}/libpam.so.*
|
/%{_lib}/libpam.so.*
|
||||||
/%{_lib}/libpamc.so.*
|
/%{_lib}/libpamc.so.*
|
||||||
@ -375,8 +363,17 @@ fi
|
|||||||
%{_libdir}/libpam.so
|
%{_libdir}/libpam.so
|
||||||
%{_libdir}/libpamc.so
|
%{_libdir}/libpamc.so
|
||||||
%{_libdir}/libpam_misc.so
|
%{_libdir}/libpam_misc.so
|
||||||
|
%doc doc/mwg/*.txt doc/mwg/html
|
||||||
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
|
||||||
|
- upgrade to new upstream version, as there are mostly bugfixes except
|
||||||
|
improved documentation
|
||||||
|
- add support for session and password service for pam_access and
|
||||||
|
pam_succeed_if
|
||||||
|
- system-auth: skip session pam_unix for crond service
|
||||||
|
|
||||||
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
|
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
|
||||||
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
|
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
|
||||||
|
|
||||||
|
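Review bot: `Source1` still lists the upstream `.sign` file, but none of the visible `%prep` lines checks it, so integrity of the 0.99.6.2 tarball appears to rest on the MD5 entry in `sources` alone, and the new `http://` URLs for `Source0`/`Source1` add no transport protection. A comment above `Source1` recording the check would make this auditable, e.g. `# detached signature verified against the upstream release key at import`. Several 0.99.5.0 patches (selinux-enoent, the three keyinit patches, namespace-init and succif-unknown-user among them) also appear to be dropped from the patch list, and the new changelog entry does not say they are included in 0.99.6.2; one line stating that would let a reader confirm no fix was lost. `%prep` and `%changelog` continue outside the visible hunks.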
2
sources
2
sources
@ -1,3 +1,3 @@
|
|||||||
13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz
|
13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz
|
||||||
dbc8608b2a9bc6b8cf50dd1fbc68cf3b Linux-PAM-0.99.5.0.tar.bz2
|
|
||||||
2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2
|
2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2
|
||||||
|
52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2
|
||||||
|
@ -13,4 +13,5 @@ password required pam_deny.so
|
|||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
|
session [success=1 default=ignore] pam_succeed_if.so service in crond
|
||||||
session required pam_unix.so
|
session required pam_unix.so
|
||||||
|
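Review bot: The added `session [success=1 default=ignore] pam_succeed_if.so service in crond` line only works while `pam_unix.so` is the very next session entry; if a module is later inserted between the two, that module is skipped for crond instead and `pam_unix.so` runs again with nothing to flag the change. A comment directly above it, such as `# skips exactly one module (pam_unix session) for crond; keep these two lines adjacent`, would protect the ordering. Appending `quiet` to the pam_succeed_if line would stop it logging an unmet-requirement message for every non-cron session. Cron jobs also stop producing pam_unix session open/close records from this stack, so any monitoring that relies on those entries needs another source for cron activity.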