- upgrade to new upstream version, as there are mostly bugfixes except

improved documentation
- add support for session and password service for pam_access and
    pam_succeed_if
- system-auth: skip session pam_unix for crond service
This commit is contained in:
Tomáš Mráz 2006-08-31 20:51:59 +00:00
parent e3f2d52037
commit 10ddab4186
5 changed files with 72 additions and 32 deletions

View File

@ -1,3 +1,3 @@
db-4.3.29.tar.gz db-4.3.29.tar.gz
Linux-PAM-0.99.5.0.tar.bz2
pam-redhat-0.99.6-1.tar.bz2 pam-redhat-0.99.6-1.tar.bz2
Linux-PAM-0.99.6.2.tar.bz2

View File

@ -0,0 +1,42 @@
--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200
@@ -391,6 +391,28 @@
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
(const char *)username, user_context);
}
+#ifdef HAVE_SETKEYCREATECON
+ ret = setkeycreatecon(user_context);
+ if (ret==0 && verbose) {
+ char msg[PATH_MAX];
+ snprintf(msg, sizeof(msg),
+ _("Key Creation Context %s Assigned"), user_context);
+ verbose_message(pamh, msg, debug);
+ }
+ if (ret) {
+ pam_syslog(pamh, LOG_ERR,
+ "Error! Unable to set %s key creation context %s.",
+ (const char *)username, user_context);
+ if (security_getenforce() == 1) {
+ freecon(user_context);
+ return PAM_AUTH_ERR;
+ }
+ } else {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
+ (const char *)username, user_context);
+ }
+#endif
freecon(user_context);
return PAM_SUCCESS;
--- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200
@@ -397,7 +397,7 @@
AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
AC_CHECK_FUNCS(getgrouplist getline getdelim)
-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
+AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])

View File

@ -10,12 +10,12 @@
Summary: A security tool which provides authentication for applications Summary: A security tool which provides authentication for applications
Name: pam Name: pam
Version: 0.99.5.0 Version: 0.99.6.2
Release: 8%{?dist} Release: 1%{?dist}
License: GPL or BSD License: GPL or BSD
Group: System Environment/Base Group: System Environment/Base
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
Source1: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2 Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
Source4: db-%{db_version}.tar.gz Source4: db-%{db_version}.tar.gz
Source5: other.pamd Source5: other.pamd
@ -26,22 +26,14 @@ Source9: system-auth.5
Source10: config-util.5 Source10: config-util.5
Patch1: pam-0.99.5.0-redhat-modules.patch Patch1: pam-0.99.5.0-redhat-modules.patch
Patch21: pam-0.78-unix-hpux-aging.patch Patch21: pam-0.78-unix-hpux-aging.patch
Patch28: pam-0.75-sgml2latex.patch
Patch34: pam-0.99.4.0-dbpam.patch Patch34: pam-0.99.4.0-dbpam.patch
Patch70: pam-0.99.2.1-selinux-nofail.patch Patch70: pam-0.99.2.1-selinux-nofail.patch
Patch80: pam-0.99.5.0-selinux-drop-multiple.patch Patch80: pam-0.99.5.0-selinux-drop-multiple.patch
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch82: pam-0.99.3.0-tally-fail-close.patch Patch82: pam-0.99.3.0-tally-fail-close.patch
Patch83: pam-0.99.4.0-succif-service.patch Patch83: pam-0.99.5.0-console-no-ainit.patch
Patch84: pam-0.99.5.0-access-gai.patch Patch84: pam-0.99.6.2-selinux-keycreate.patch
Patch85: pam-0.99.5.0-selinux-enoent.patch Patch85: pam-0.99.6.0-succif-session.patch
Patch86: pam-0.99.5.0-console-no-ainit.patch
Patch87: pam-0.99.5.0-keyinit-no-debug.patch
Patch88: pam-0.99.5.0-keyinit-multiinit.patch
Patch89: pam-0.99.5.0-keyinit-revoke-user.patch
Patch90: pam-0.99.5.0-namespace-init.patch
Patch91: pam-0.99.5.0-succif-unknown-user.patch
Patch92: pam-0.99.5.0-selinux-keycreate.patch
BuildRoot: %{_tmppath}/%{name}-root BuildRoot: %{_tmppath}/%{name}-root
Requires: cracklib, cracklib-dicts >= 2.8 Requires: cracklib, cracklib-dicts >= 2.8
@ -95,26 +87,15 @@ cp %{SOURCE7} .
%patch1 -p1 -b .redhat-modules %patch1 -p1 -b .redhat-modules
%patch21 -p1 -b .unix-hpux-aging %patch21 -p1 -b .unix-hpux-aging
%patch28 -p1 -b .doc
%patch34 -p1 -b .dbpam %patch34 -p1 -b .dbpam
%patch70 -p1 -b .nofail %patch70 -p1 -b .nofail
%patch80 -p1 -b .drop-multiple %patch80 -p1 -b .drop-multiple
%patch81 -p1 -b .try-first-pass %patch81 -p1 -b .try-first-pass
%patch82 -p1 -b .fail-close %patch82 -p1 -b .fail-close
%patch83 -p1 -b .service %patch83 -p1 -b .no-ainit
%patch84 -p0 -b .gai %patch84 -p1 -b .keycreate
%patch85 -p1 -b .enoent %patch85 -p0 -b .session
%patch86 -p1 -b .no-ainit
%patch87 -p1 -b .no-debug
%patch88 -p1 -b .multiinit
%patch89 -p1 -b .revoke-user
%patch90 -p1 -b .namespace-init
%patch91 -p1 -b .unknown-user
%patch92 -p1 -b .keycreate
for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done
autoreconf autoreconf
%build %build
@ -157,6 +138,12 @@ make
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mkdir -p doc/txts
for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done
# Install the binaries, libraries, and modules. # Install the binaries, libraries, and modules.
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=: make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
@ -284,7 +271,8 @@ fi
%config(noreplace) /etc/pam.d/system-auth %config(noreplace) /etc/pam.d/system-auth
%config(noreplace) /etc/pam.d/config-util %config(noreplace) /etc/pam.d/config-util
%doc Copyright %doc Copyright
%doc doc/html doc/txts %doc doc/txts
%doc doc/sag/*.txt doc/sag/html
%doc doc/specs/rfc86.0.txt %doc doc/specs/rfc86.0.txt
/%{_lib}/libpam.so.* /%{_lib}/libpam.so.*
/%{_lib}/libpamc.so.* /%{_lib}/libpamc.so.*
@ -375,8 +363,17 @@ fi
%{_libdir}/libpam.so %{_libdir}/libpam.so
%{_libdir}/libpamc.so %{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so %{_libdir}/libpam_misc.so
%doc doc/mwg/*.txt doc/mwg/html
%doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
- upgrade to new upstream version, as there are mostly bugfixes except
improved documentation
- add support for session and password service for pam_access and
pam_succeed_if
- system-auth: skip session pam_unix for crond service
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8 * Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context - Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context

View File

@ -1,3 +1,3 @@
13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz 13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz
dbc8608b2a9bc6b8cf50dd1fbc68cf3b Linux-PAM-0.99.5.0.tar.bz2
2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2 2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2
52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2

View File

@ -13,4 +13,5 @@ password required pam_deny.so
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
session required pam_unix.so session required pam_unix.so