- do not change permissions with pam_console_apply

- drop obsolete pam_tally module and the faillog file (#461258)
This commit is contained in:
Tomáš Mráz 2009-09-01 16:03:13 +00:00
parent 6572482d29
commit 4774498127
3 changed files with 49 additions and 10 deletions

View File

@ -0,0 +1,26 @@
diff -up Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod Linux-PAM-1.1.0/modules/pam_console/console.handlers
--- Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod 2008-12-16 13:37:52.000000000 +0100
+++ Linux-PAM-1.1.0/modules/pam_console/console.handlers 2009-09-01 17:20:08.000000000 +0200
@@ -15,5 +15,3 @@
# touch unlock wait /var/run/console-unlocked
console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+
-/sbin/pam_console_apply lock logfail wait -t tty -s
-/sbin/pam_console_apply unlock logfail wait -r -t tty -s
diff -up Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod Linux-PAM-1.1.0/modules/pam_console/Makefile.am
--- Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod 2008-12-16 13:37:52.000000000 +0100
+++ Linux-PAM-1.1.0/modules/pam_console/Makefile.am 2009-09-01 17:42:47.000000000 +0200
@@ -38,7 +38,6 @@ sbin_PROGRAMS = pam_console_apply
secureconf_DATA = console.perms console.handlers
-permsd_DATA = 50-default.perms
FLEX_OPTS = -Cr
BISON_OPTS = -d
@@ -62,4 +61,5 @@ configfile.c: configfile.tab.c configfil
install-data-local:
mkdir -p $(DESTDIR)$(secureconfdir)/console.apps
+ mkdir -p $(DESTDIR)$(permsddir)
mkdir -m $(LOCKMODE) -p -p $(DESTDIR)$(LOCKDIR)

12
pam-1.1.0-notally.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up Linux-PAM-1.1.0/modules/Makefile.am.notally Linux-PAM-1.1.0/modules/Makefile.am
--- Linux-PAM-1.1.0/modules/Makefile.am.notally 2009-07-27 17:39:25.000000000 +0200
+++ Linux-PAM-1.1.0/modules/Makefile.am 2009-09-01 17:40:16.000000000 +0200
@@ -10,7 +10,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
pam_mkhomedir pam_motd pam_namespace pam_nologin \
pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
pam_selinux pam_sepermit pam_shells pam_stress \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
+ pam_succeed_if pam_tally2 pam_time pam_timestamp \
pam_tty_audit pam_umask \
pam_unix pam_userdb pam_warn pam_wheel pam_xauth

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.0 Version: 1.1.0
Release: 4%{?dist} Release: 5%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+ License: BSD and GPLv2+
@ -24,6 +24,8 @@ Source14: 90-nproc.conf
Patch1: pam-1.0.90-redhat-modules.patch Patch1: pam-1.0.90-redhat-modules.patch
Patch2: pam-1.0.91-std-noclose.patch Patch2: pam-1.0.91-std-noclose.patch
Patch3: pam-1.1.0-cracklib-authtok.patch Patch3: pam-1.1.0-cracklib-authtok.patch
Patch4: pam-1.1.0-console-nochmod.patch
Patch5: pam-1.1.0-notally.patch
%define _sbindir /sbin %define _sbindir /sbin
%define _moduledir /%{_lib}/security %define _moduledir /%{_lib}/security
@ -87,6 +89,8 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch1 -p1 -b .redhat-modules %patch1 -p1 -b .redhat-modules
%patch2 -p1 -b .std-noclose %patch2 -p1 -b .std-noclose
%patch3 -p1 -b .authtok %patch3 -p1 -b .authtok
%patch4 -p1 -b .nochmod
%patch5 -p1 -b .notally
libtoolize -f libtoolize -f
autoreconf autoreconf
@ -138,7 +142,6 @@ install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
install -d -m 755 $RPM_BUILD_ROOT/var/log install -d -m 755 $RPM_BUILD_ROOT/var/log
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
# Install man pages. # Install man pages.
@ -174,7 +177,8 @@ for dir in modules/pam_* ; do
if [ -d ${dir} ] ; then if [ -d ${dir} ] ; then
%if ! %{WITH_SELINUX} %if ! %{WITH_SELINUX}
[ ${dir} = "modules/pam_selinux" ] && continue [ ${dir} = "modules/pam_selinux" ] && continue
%endif %endif
[ ${dir} = "modules/pam_tally" ] && continue
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
echo ERROR `basename ${dir}` did not build a module. echo ERROR `basename ${dir}` did not build a module.
exit 1 exit 1
@ -198,9 +202,6 @@ rm -rf $RPM_BUILD_ROOT
%post %post
/sbin/ldconfig /sbin/ldconfig
if [ ! -a /var/log/faillog ] ; then
install -m 600 /dev/null /var/log/faillog
fi
if [ ! -a /var/log/tallylog ] ; then if [ ! -a /var/log/tallylog ] ; then
install -m 600 /dev/null /var/log/tallylog install -m 600 /dev/null /var/log/tallylog
fi fi
@ -224,7 +225,6 @@ fi
/%{_lib}/libpamc.so.* /%{_lib}/libpamc.so.*
/%{_lib}/libpam_misc.so.* /%{_lib}/libpam_misc.so.*
%{_sbindir}/pam_console_apply %{_sbindir}/pam_console_apply
%{_sbindir}/pam_tally
%{_sbindir}/pam_tally2 %{_sbindir}/pam_tally2
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check %attr(4755,root,root) %{_sbindir}/pam_timestamp_check
%attr(4755,root,root) %{_sbindir}/unix_chkpwd %attr(4755,root,root) %{_sbindir}/unix_chkpwd
@ -273,7 +273,6 @@ fi
%{_moduledir}/pam_shells.so %{_moduledir}/pam_shells.so
%{_moduledir}/pam_stress.so %{_moduledir}/pam_stress.so
%{_moduledir}/pam_succeed_if.so %{_moduledir}/pam_succeed_if.so
%{_moduledir}/pam_tally.so
%{_moduledir}/pam_tally2.so %{_moduledir}/pam_tally2.so
%{_moduledir}/pam_time.so %{_moduledir}/pam_time.so
%{_moduledir}/pam_timestamp.so %{_moduledir}/pam_timestamp.so
@ -307,10 +306,8 @@ fi
%config(noreplace) %{_secconfdir}/opasswd %config(noreplace) %{_secconfdir}/opasswd
%dir %{_secconfdir}/console.apps %dir %{_secconfdir}/console.apps
%dir %{_secconfdir}/console.perms.d %dir %{_secconfdir}/console.perms.d
%config %{_secconfdir}/console.perms.d/50-default.perms
%dir /var/run/console %dir /var/run/console
%dir /var/run/sepermit %dir /var/run/sepermit
%ghost %verify(not md5 size mtime) /var/log/faillog
%ghost %verify(not md5 size mtime) /var/log/tallylog %ghost %verify(not md5 size mtime) /var/log/tallylog
%{_mandir}/man5/* %{_mandir}/man5/*
%{_mandir}/man8/* %{_mandir}/man8/*
@ -326,6 +323,10 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Tue Sep 1 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-5
- do not change permissions with pam_console_apply
- drop obsolete pam_tally module and the faillog file (#461258)
* Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-4 * Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-4
- rebuild with new libaudit - rebuild with new libaudit