rpms
/
pam
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import pam-1.3.1-11.el8

This commit is contained in:
CentOS Sources 2020-06-09 20:03:02 +00:00 committed by Andrew Lukoshko
parent b62f027199
commit bf6c39c301
2 changed files with 71 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
SOURCES/pam-1.3.1-pam-usertype.patch
View File

@ -1,40 +1,7 @@
From 926d7935edf35385e6c28bb97666aee443b71e46 Mon Sep 17 00:00:00 2001 diff -up Linux-PAM-1.3.1/configure.ac.pam-usertype Linux-PAM-1.3.1/configure.ac
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> --- Linux-PAM-1.3.1/configure.ac.pam-usertype 2020-05-15 10:03:27.247468160 +0200
Date: Fri, 10 Jan 2020 15:53:35 +0100 +++ Linux-PAM-1.3.1/configure.ac 2020-05-15 10:03:27.270468089 +0200
Subject: [PATCH] pam_usertype: new module to tell if uid is in login.defs @@ -606,6 +606,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KE
ranges
This module will check if the user account type is system or regular based
on its uid. To evaluate the condition it will use 0-99 reserved range
together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`.
If these values are not set, it uses configure-time defaults
`--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page
`SYS_UID_MAX` defaults to `UID_MIN - 1`.
This information can be used to skip specific module in pam stack
based on the account type. `pam_succeed_if uid < 1000` is used at the moment
however it does not reflect changes to `login.defs`.
---
configure.ac | 22 ++
modules/Makefile.am | 2 +-
modules/pam_usertype/Makefile.am | 34 +++
modules/pam_usertype/README.xml | 41 +++
modules/pam_usertype/pam_usertype.8.xml | 170 +++++++++++++
modules/pam_usertype/pam_usertype.c | 319 ++++++++++++++++++++++++
modules/pam_usertype/tst-pam_usertype | 2 +
7 files changed, 589 insertions(+), 1 deletion(-)
create mode 100644 modules/pam_usertype/Makefile.am
create mode 100644 modules/pam_usertype/README.xml
create mode 100644 modules/pam_usertype/pam_usertype.8.xml
create mode 100644 modules/pam_usertype/pam_usertype.c
create mode 100755 modules/pam_usertype/tst-pam_usertype
diff --git a/configure.ac b/configure.ac
index 90818683..2e7f131f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -649,6 +649,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT)
AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1]) AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
@ -62,7 +29,7 @@ index 90818683..2e7f131f 100644
dnl Files to be created from when we run configure dnl Files to be created from when we run configure
AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
@@ -677,6 +698,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile @@ -636,6 +657,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \ modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
modules/pam_umask/Makefile \ modules/pam_umask/Makefile \
modules/pam_unix/Makefile modules/pam_userdb/Makefile \ modules/pam_unix/Makefile modules/pam_userdb/Makefile \
@ -70,11 +37,10 @@ index 90818683..2e7f131f 100644
modules/pam_warn/Makefile modules/pam_wheel/Makefile \ modules/pam_warn/Makefile modules/pam_wheel/Makefile \
modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \ modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \ doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
diff --git a/modules/Makefile.am b/modules/Makefile.am diff -up Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/Makefile.am
index 612fc740..d9659cb7 100644 --- Linux-PAM-1.3.1/modules/Makefile.am.pam-usertype 2020-05-15 10:03:27.247468160 +0200
--- a/modules/Makefile.am +++ Linux-PAM-1.3.1/modules/Makefile.am 2020-05-15 10:03:27.270468089 +0200
+++ b/modules/Makefile.am @@ -12,7 +12,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
@@ -19,7 +19,7 @@ SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
pam_selinux pam_sepermit pam_shells pam_stress \ pam_selinux pam_sepermit pam_shells pam_stress \
pam_succeed_if pam_time pam_timestamp \ pam_succeed_if pam_time pam_timestamp \
pam_tty_audit pam_umask \ pam_tty_audit pam_umask \
@ -83,11 +49,9 @@ index 612fc740..d9659cb7 100644
CLEANFILES = *~ CLEANFILES = *~
diff --git a/modules/pam_usertype/Makefile.am b/modules/pam_usertype/Makefile.am diff -up Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am
new file mode 100644 --- Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am.pam-usertype 2020-05-15 10:03:27.270468089 +0200
index 00000000..1646bc34 +++ Linux-PAM-1.3.1/modules/pam_usertype/Makefile.am 2020-05-15 10:03:27.270468089 +0200
--- /dev/null
+++ b/modules/pam_usertype/Makefile.am
@@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
+# +#
+# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de> +# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
@ -123,58 +87,9 @@ index 00000000..1646bc34
+README: pam_usertype.8.xml +README: pam_usertype.8.xml
+-include $(top_srcdir)/Make.xml.rules +-include $(top_srcdir)/Make.xml.rules
+endif +endif
diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml
new file mode 100644 --- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype 2020-05-15 10:03:27.270468089 +0200
index 00000000..58550465 +++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml 2020-05-15 10:03:27.270468089 +0200
--- /dev/null
+++ b/modules/pam_usertype/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_usertype.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml
new file mode 100644
index 00000000..1ba4ee71
--- /dev/null
+++ b/modules/pam_usertype/pam_usertype.8.xml
@@ -0,0 +1,170 @@ @@ -0,0 +1,170 @@
+<?xml version="1.0" encoding='UTF-8'?> +<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
@ -346,12 +261,10 @@ index 00000000..1ba4ee71
+ <para>Pavel Březina &lt;pbrezina@redhat.com&gt;</para> + <para>Pavel Březina &lt;pbrezina@redhat.com&gt;</para>
+ </refsect1> + </refsect1>
+</refentry> +</refentry>
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c
new file mode 100644 --- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype 2020-05-15 10:03:27.270468089 +0200
index 00000000..d3629c13 +++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c 2020-05-15 10:16:08.053198025 +0200
--- /dev/null @@ -0,0 +1,394 @@
+++ b/modules/pam_usertype/pam_usertype.c
@@ -0,0 +1,319 @@
+/****************************************************************************** +/******************************************************************************
+ * Check user type based on login.defs. + * Check user type based on login.defs.
+ * + *
@ -746,14 +659,54 @@ index 00000000..d3629c13
+{ +{
+ return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_sm_authenticate(pamh, flags, argc, argv);
+} +}
diff --git a/modules/pam_usertype/tst-pam_usertype b/modules/pam_usertype/tst-pam_usertype diff -up Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/README.xml
new file mode 100755 --- Linux-PAM-1.3.1/modules/pam_usertype/README.xml.pam-usertype 2020-05-15 10:03:27.270468089 +0200
index 00000000..a21f8fe7 +++ Linux-PAM-1.3.1/modules/pam_usertype/README.xml 2020-05-15 10:03:27.270468089 +0200
--- /dev/null @@ -0,0 +1,41 @@
+++ b/modules/pam_usertype/tst-pam_usertype +<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_usertype.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-author"]/*)'/>
+ </section>
+
+</article>
diff -up Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype
--- Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype.pam-usertype 2020-05-15 10:03:27.270468089 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/tst-pam_usertype 2020-05-15 10:03:27.270468089 +0200
@@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
+#!/bin/sh +#!/bin/sh
+../../tests/tst-dlopen .libs/pam_usertype.so +../../tests/tst-dlopen .libs/pam_usertype.so
--
2.25.2

5
SPECS/pam.spec
View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.3.1 Version: 1.3.1
Release: 10%{?dist} Release: 11%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -399,6 +399,9 @@ done
%doc doc/specs/rfc86.0.txt %doc doc/specs/rfc86.0.txt
%changelog %changelog
* Fri May 15 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-11
- pam_usertype: fixed malformed patch
* Tue Apr 21 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-10 * Tue Apr 21 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-10
- pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD (#1791970) - pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD (#1791970)