import pam-1.3.1-11.el8

2020-06-09 20:03:02 +00:00 · 2020-06-09 20:03:02 +00:00 · bf6c39c301
parent b62f027199
commit bf6c39c301
2 changed files with 71 additions and 115 deletions
--- a/SOURCES/pam-1.3.1-pam-usertype.patch
+++ b/SOURCES/pam-1.3.1-pam-usertype.patch
@ -1,40 +1,7 @@
-From 926d7935edf35385e6c28bb97666aee443b71e46 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Fri, 10 Jan 2020 15:53:35 +0100
-Subject: [PATCH] pam_usertype: new module to tell if uid is in login.defs
- ranges
-
-This module will check if the user account type is system or regular based
-on its uid. To evaluate the condition it will use 0-99 reserved range
-together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`.
-
-If these values are not set, it uses configure-time defaults
-`--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page
-`SYS_UID_MAX` defaults to `UID_MIN - 1`.
-
-This information can be used to skip specific module in pam stack
-based on the account type. `pam_succeed_if uid < 1000` is used at the moment
-however it does not reflect changes to `login.defs`.
---
- configure.ac                            |  22 ++
- modules/Makefile.am                     |   2 +-
- modules/pam_usertype/Makefile.am        |  34 +++
- modules/pam_usertype/README.xml         |  41 +++
- modules/pam_usertype/pam_usertype.8.xml | 170 +++++++++++++
- modules/pam_usertype/pam_usertype.c     | 319 ++++++++++++++++++++++++
- modules/pam_usertype/tst-pam_usertype   |   2 +
- 7 files changed, 589 insertions(+), 1 deletion(-)
- create mode 100644 modules/pam_usertype/Makefile.am
- create mode 100644 modules/pam_usertype/README.xml
- create mode 100644 modules/pam_usertype/pam_usertype.8.xml
- create mode 100644 modules/pam_usertype/pam_usertype.c
- create mode 100755 modules/pam_usertype/tst-pam_usertype
-
-diff --git a/configure.ac b/configure.ac
-index 90818683..2e7f131f 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -649,6 +649,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT)
+diff -up Linux-PAM-1.3.1/configure.ac.pam-usertype Linux-PAM-1.3.1/configure.ac
+--- Linux-PAM-1.3.1/configure.ac.pam-usertype	2020-05-15 10:03:27.247468160 +0200
+++ Linux-PAM-1.3.1/configure.ac	2020-05-15 10:03:27.270468089 +0200
+@@ -606,6 +606,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KE
 
 AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
 
@ -62,7 +29,7 @@ index 90818683..2e7f131f 100644
 dnl Files to be created from when we run configure
 AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
 	libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
-@@ -677,6 +698,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile
+@@ -636,6 +657,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
 	modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
 	modules/pam_umask/Makefile \
 	modules/pam_unix/Makefile modules/pam_userdb/Makefile \
@ -70,11 +37,10 @@ index 90818683..2e7f131f 100644
 	modules/pam_warn/Makefile modules/pam_wheel/Makefile \
 	modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
 	doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
-diff --git a/modules/Makefile.am b/modules/Makefile.am
-index 612fc740..d9659cb7 100644
--- a/modules/Makefile.am
-+++ b/modules/Makefile.am
-@@ -19,7 +19,7 @@ SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
+diff -up Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/Makefile.am
+--- Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype	2020-05-15 10:03:27.247468160 +0200
+++ Linux-PAM-1.3.1/modules/Makefile.am	2020-05-15 10:03:27.270468089 +0200
+@@ -12,7 +12,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
 	pam_selinux pam_sepermit pam_shells pam_stress \
 	pam_succeed_if pam_time pam_timestamp \
 	pam_tty_audit pam_umask \
@ -83,11 +49,9 @@ index 612fc740..d9659cb7 100644
 
 CLEANFILES = *~
 
-diff --git a/modules/pam_usertype/Makefile.am b/modules/pam_usertype/Makefile.am
-new file mode 100644
-index 00000000..1646bc34
--- /dev/null
-+++ b/modules/pam_usertype/Makefile.am
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am
+--- Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype	2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am	2020-05-15 10:03:27.270468089 +0200
@@ -0,0 +1,34 @@
 +#
 +# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
@ -123,58 +87,9 @@ index 00000000..1646bc34
 +README: pam_usertype.8.xml
 +-include $(top_srcdir)/Make.xml.rules
 +endif
-diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml
-new file mode 100644
-index 00000000..58550465
--- /dev/null
-+++ b/modules/pam_usertype/README.xml
-@@ -0,0 +1,41 @@
-+<?xml version="1.0" encoding='UTF-8'?>
-+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-+"http://www.docbook.org/xml/4.3/docbookx.dtd"
-+[
-+<!--
-+<!ENTITY pamaccess SYSTEM "pam_usertype.8.xml">
-+-->
-+]>
-+
-+<article>
-+
-+  <articleinfo>
-+
-+    <title>
-+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-+      href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/>
-+    </title>
-+
-+  </articleinfo>
-+
-+  <section>
-+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-description"]/*)'/>
-+  </section>
-+
-+  <section>
-+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-options"]/*)'/>
-+  </section>
-+
-+  <section>
-+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-examples"]/*)'/>
-+  </section>
-+
-+  <section>
-+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-author"]/*)'/>
-+  </section>
-+
-+</article>
-diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml
-new file mode 100644
-index 00000000..1ba4ee71
--- /dev/null
-+++ b/modules/pam_usertype/pam_usertype.8.xml
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml
+--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype	2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml	2020-05-15 10:03:27.270468089 +0200
@@ -0,0 +1,170 @@
 +<?xml version="1.0" encoding='UTF-8'?>
 +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
@ -346,12 +261,10 @@ index 00000000..1ba4ee71
 +    <para>Pavel Březina &lt;pbrezina@redhat.com&gt;</para>
 +  </refsect1>
 +</refentry>
-diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
-new file mode 100644
-index 00000000..d3629c13
--- /dev/null
-+++ b/modules/pam_usertype/pam_usertype.c
-@@ -0,0 +1,319 @@
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c
+--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype	2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c	2020-05-15 10:16:08.053198025 +0200
+@@ -0,0 +1,394 @@
 +/******************************************************************************
 + * Check user type based on login.defs.
 + *
@ -746,14 +659,54 @@ index 00000000..d3629c13
 +{
 +	return pam_sm_authenticate(pamh, flags, argc, argv);
 +}
-diff --git a/modules/pam_usertype/tst-pam_usertype b/modules/pam_usertype/tst-pam_usertype
-new file mode 100755
-index 00000000..a21f8fe7
--- /dev/null
-+++ b/modules/pam_usertype/tst-pam_usertype
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/README.xml
+--- Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype	2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/README.xml	2020-05-15 10:03:27.270468089 +0200
+@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_usertype.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-author"]/*)'/>
+  </section>
+
+</article>
+diff -up Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype
+--- Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype	2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype	2020-05-15 10:03:27.270468089 +0200
@@ -0,0 +1,2 @@
 +#!/bin/sh
 +../../tests/tst-dlopen .libs/pam_usertype.so
-- 
-2.25.2
-
--- a/SPECS/pam.spec
+++ b/SPECS/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.3.1
-Release: 10%{?dist}
+Release: 11%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -399,6 +399,9 @@ done
 %doc doc/specs/rfc86.0.txt

 %changelog
+* Fri May 15 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-11
+- pam_usertype: fixed malformed patch
+
 * Tue Apr 21 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-10
 - pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD (#1791970)