- do not change permissions with pam_console_apply
- drop obsolete pam_tally module and the faillog file (#461258)
This commit is contained in:
parent
6572482d29
commit
4774498127
26
pam-1.1.0-console-nochmod.patch
Normal file
26
pam-1.1.0-console-nochmod.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
diff -up Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod Linux-PAM-1.1.0/modules/pam_console/console.handlers
|
||||||
|
--- Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod 2008-12-16 13:37:52.000000000 +0100
|
||||||
|
+++ Linux-PAM-1.1.0/modules/pam_console/console.handlers 2009-09-01 17:20:08.000000000 +0200
|
||||||
|
@@ -15,5 +15,3 @@
|
||||||
|
# touch unlock wait /var/run/console-unlocked
|
||||||
|
|
||||||
|
console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+
|
||||||
|
-/sbin/pam_console_apply lock logfail wait -t tty -s
|
||||||
|
-/sbin/pam_console_apply unlock logfail wait -r -t tty -s
|
||||||
|
diff -up Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod Linux-PAM-1.1.0/modules/pam_console/Makefile.am
|
||||||
|
--- Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod 2008-12-16 13:37:52.000000000 +0100
|
||||||
|
+++ Linux-PAM-1.1.0/modules/pam_console/Makefile.am 2009-09-01 17:42:47.000000000 +0200
|
||||||
|
@@ -38,7 +38,6 @@ sbin_PROGRAMS = pam_console_apply
|
||||||
|
|
||||||
|
|
||||||
|
secureconf_DATA = console.perms console.handlers
|
||||||
|
-permsd_DATA = 50-default.perms
|
||||||
|
|
||||||
|
FLEX_OPTS = -Cr
|
||||||
|
BISON_OPTS = -d
|
||||||
|
@@ -62,4 +61,5 @@ configfile.c: configfile.tab.c configfil
|
||||||
|
|
||||||
|
install-data-local:
|
||||||
|
mkdir -p $(DESTDIR)$(secureconfdir)/console.apps
|
||||||
|
+ mkdir -p $(DESTDIR)$(permsddir)
|
||||||
|
mkdir -m $(LOCKMODE) -p -p $(DESTDIR)$(LOCKDIR)
|
12
pam-1.1.0-notally.patch
Normal file
12
pam-1.1.0-notally.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up Linux-PAM-1.1.0/modules/Makefile.am.notally Linux-PAM-1.1.0/modules/Makefile.am
|
||||||
|
--- Linux-PAM-1.1.0/modules/Makefile.am.notally 2009-07-27 17:39:25.000000000 +0200
|
||||||
|
+++ Linux-PAM-1.1.0/modules/Makefile.am 2009-09-01 17:40:16.000000000 +0200
|
||||||
|
@@ -10,7 +10,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
|
||||||
|
pam_mkhomedir pam_motd pam_namespace pam_nologin \
|
||||||
|
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
|
||||||
|
pam_selinux pam_sepermit pam_shells pam_stress \
|
||||||
|
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
|
||||||
|
+ pam_succeed_if pam_tally2 pam_time pam_timestamp \
|
||||||
|
pam_tty_audit pam_umask \
|
||||||
|
pam_unix pam_userdb pam_warn pam_wheel pam_xauth
|
||||||
|
|
21
pam.spec
21
pam.spec
@ -3,7 +3,7 @@
|
|||||||
Summary: An extensible library which provides authentication for applications
|
Summary: An extensible library which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 1.1.0
|
Version: 1.1.0
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
@ -24,6 +24,8 @@ Source14: 90-nproc.conf
|
|||||||
Patch1: pam-1.0.90-redhat-modules.patch
|
Patch1: pam-1.0.90-redhat-modules.patch
|
||||||
Patch2: pam-1.0.91-std-noclose.patch
|
Patch2: pam-1.0.91-std-noclose.patch
|
||||||
Patch3: pam-1.1.0-cracklib-authtok.patch
|
Patch3: pam-1.1.0-cracklib-authtok.patch
|
||||||
|
Patch4: pam-1.1.0-console-nochmod.patch
|
||||||
|
Patch5: pam-1.1.0-notally.patch
|
||||||
|
|
||||||
%define _sbindir /sbin
|
%define _sbindir /sbin
|
||||||
%define _moduledir /%{_lib}/security
|
%define _moduledir /%{_lib}/security
|
||||||
@ -87,6 +89,8 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
|||||||
%patch1 -p1 -b .redhat-modules
|
%patch1 -p1 -b .redhat-modules
|
||||||
%patch2 -p1 -b .std-noclose
|
%patch2 -p1 -b .std-noclose
|
||||||
%patch3 -p1 -b .authtok
|
%patch3 -p1 -b .authtok
|
||||||
|
%patch4 -p1 -b .nochmod
|
||||||
|
%patch5 -p1 -b .notally
|
||||||
|
|
||||||
libtoolize -f
|
libtoolize -f
|
||||||
autoreconf
|
autoreconf
|
||||||
@ -138,7 +142,6 @@ install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
|||||||
install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
|
install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
||||||
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
|
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
||||||
|
|
||||||
# Install man pages.
|
# Install man pages.
|
||||||
@ -174,7 +177,8 @@ for dir in modules/pam_* ; do
|
|||||||
if [ -d ${dir} ] ; then
|
if [ -d ${dir} ] ; then
|
||||||
%if ! %{WITH_SELINUX}
|
%if ! %{WITH_SELINUX}
|
||||||
[ ${dir} = "modules/pam_selinux" ] && continue
|
[ ${dir} = "modules/pam_selinux" ] && continue
|
||||||
%endif
|
%endif
|
||||||
|
[ ${dir} = "modules/pam_tally" ] && continue
|
||||||
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
|
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
|
||||||
echo ERROR `basename ${dir}` did not build a module.
|
echo ERROR `basename ${dir}` did not build a module.
|
||||||
exit 1
|
exit 1
|
||||||
@ -198,9 +202,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
if [ ! -a /var/log/faillog ] ; then
|
|
||||||
install -m 600 /dev/null /var/log/faillog
|
|
||||||
fi
|
|
||||||
if [ ! -a /var/log/tallylog ] ; then
|
if [ ! -a /var/log/tallylog ] ; then
|
||||||
install -m 600 /dev/null /var/log/tallylog
|
install -m 600 /dev/null /var/log/tallylog
|
||||||
fi
|
fi
|
||||||
@ -224,7 +225,6 @@ fi
|
|||||||
/%{_lib}/libpamc.so.*
|
/%{_lib}/libpamc.so.*
|
||||||
/%{_lib}/libpam_misc.so.*
|
/%{_lib}/libpam_misc.so.*
|
||||||
%{_sbindir}/pam_console_apply
|
%{_sbindir}/pam_console_apply
|
||||||
%{_sbindir}/pam_tally
|
|
||||||
%{_sbindir}/pam_tally2
|
%{_sbindir}/pam_tally2
|
||||||
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
|
||||||
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
|
||||||
@ -273,7 +273,6 @@ fi
|
|||||||
%{_moduledir}/pam_shells.so
|
%{_moduledir}/pam_shells.so
|
||||||
%{_moduledir}/pam_stress.so
|
%{_moduledir}/pam_stress.so
|
||||||
%{_moduledir}/pam_succeed_if.so
|
%{_moduledir}/pam_succeed_if.so
|
||||||
%{_moduledir}/pam_tally.so
|
|
||||||
%{_moduledir}/pam_tally2.so
|
%{_moduledir}/pam_tally2.so
|
||||||
%{_moduledir}/pam_time.so
|
%{_moduledir}/pam_time.so
|
||||||
%{_moduledir}/pam_timestamp.so
|
%{_moduledir}/pam_timestamp.so
|
||||||
@ -307,10 +306,8 @@ fi
|
|||||||
%config(noreplace) %{_secconfdir}/opasswd
|
%config(noreplace) %{_secconfdir}/opasswd
|
||||||
%dir %{_secconfdir}/console.apps
|
%dir %{_secconfdir}/console.apps
|
||||||
%dir %{_secconfdir}/console.perms.d
|
%dir %{_secconfdir}/console.perms.d
|
||||||
%config %{_secconfdir}/console.perms.d/50-default.perms
|
|
||||||
%dir /var/run/console
|
%dir /var/run/console
|
||||||
%dir /var/run/sepermit
|
%dir /var/run/sepermit
|
||||||
%ghost %verify(not md5 size mtime) /var/log/faillog
|
|
||||||
%ghost %verify(not md5 size mtime) /var/log/tallylog
|
%ghost %verify(not md5 size mtime) /var/log/tallylog
|
||||||
%{_mandir}/man5/*
|
%{_mandir}/man5/*
|
||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
@ -326,6 +323,10 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 1 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-5
|
||||||
|
- do not change permissions with pam_console_apply
|
||||||
|
- drop obsolete pam_tally module and the faillog file (#461258)
|
||||||
|
|
||||||
* Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-4
|
* Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-4
|
||||||
- rebuild with new libaudit
|
- rebuild with new libaudit
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user