From c98acce6804b27f5e7abec9f9a3ba1109e6c0d4f Mon Sep 17 00:00:00 2001
From: James Antill
Date: Wed, 29 Jun 2022 14:20:13 -0400
Subject: [PATCH] Auto sync2gitlab import of pam-1.3.1-20.el8.src.rpm
---
pam-1.3.1-pam-usertype-SYS_UID_MAX.patch | 75 ------------------------
pam.spec | 8 +--
2 files changed, 1 insertion(+), 82 deletions(-)
delete mode 100644 pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
diff --git a/pam-1.3.1-pam-usertype-SYS_UID_MAX.patch b/pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
deleted file mode 100644
index 4881a5e..0000000
--- a/pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-diff -up Linux-PAM-1.3.1/configure.ac.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/configure.ac
---- Linux-PAM-1.3.1/configure.ac.pam-usertype-SYS_UID_MAX 2022-06-22 16:41:09.169146826 +0200
-+++ Linux-PAM-1.3.1/configure.ac 2022-06-22 16:43:54.343373619 +0200
-@@ -615,12 +615,6 @@ if test x"$opt_uidmin" == x; then
- fi
- AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.])
-
--AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=],[default value for system user min uid (101)]), opt_sysuidmin=$withval)
--if test x"$opt_sysuidmin" == x; then
-- opt_sysuidmin=101
--fi
--AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.])
--
- AC_ARG_WITH([kerneloverflowuid], AS_HELP_STRING([--with-kernel-overflow-uid=],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval)
- if test x"$opt_kerneloverflowuid" == x; then
- opt_kerneloverflowuid=65534
-diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml
---- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype-SYS_UID_MAX 2022-06-22 16:41:09.155146722 +0200
-+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml 2022-06-22 16:41:09.169146826 +0200
-@@ -31,7 +31,7 @@
- pam_usertype.so is designed to succeed or fail authentication
- based on type of the account of the authenticated user.
- The type of the account is decided with help of
-- SYS_UID_MIN and SYS_UID_MAX
-+ SYS_UID_MAX
- settings in /etc/login.defs. One use is to select
- whether to load other modules based on this test.
- -diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c ---- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype-SYS_UID_MAX 2022-06-22 16:41:09.155146722 +0200 -+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c 2022-06-22 16:41:09.169146826 +0200 -@@ -277,7 +277,6 @@ static int - pam_usertype_is_system(pam_handle_t *pamh, uid_t uid) - { - uid_t uid_min; -- uid_t sys_min; - uid_t sys_max; - - if (uid == (uid_t)-1) { -@@ -285,21 +284,19 @@ pam_usertype_is_system(pam_handle_t *pam - return PAM_USER_UNKNOWN; - } - -- if (uid <= 99) { -- /* Reserved. */ -- return PAM_SUCCESS; -- } -- - if (uid == PAM_USERTYPE_OVERFLOW_UID) { - /* nobody */ - return PAM_SUCCESS; - } - - uid_min = pam_usertype_get_id(pamh, "UID_MIN", PAM_USERTYPE_UIDMIN); -- sys_min = pam_usertype_get_id(pamh, "SYS_UID_MIN", PAM_USERTYPE_SYSUIDMIN); - sys_max = pam_usertype_get_id(pamh, "SYS_UID_MAX", uid_min - 1); - -- return uid >= sys_min && uid <= sys_max ? PAM_SUCCESS : PAM_AUTH_ERR; -+ if (uid <= sys_max && uid < uid_min) { -+ return PAM_SUCCESS; -+ } -+ -+ return PAM_AUTH_ERR; - } - - static int -@@ -336,7 +333,7 @@ pam_usertype_evaluate(struct pam_usertyp - - /** - * Arguments: -- * - issystem: uid in -+ * - issystem: uid less than SYS_UID_MAX - * - isregular: not issystem - * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if) - * - audit: log unknown users to syslog diff --git a/pam.spec b/pam.spec index eec1cc2..c6368b7 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.3.1 -Release: 21%{?dist} +Release: 20%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. 
@@ -83,8 +83,6 @@ Patch57: pam-1.3.1-inline.patch # https://github.com/linux-pam/linux-pam/commit/9bcbe96d9e82a23d983c0618178a8dc25596ac2d # https://github.com/linux-pam/linux-pam/commit/fc867a9e22eac2c9a0ed0577776bba4df21c9aad Patch58: pam-1.3.1-faillock-load-conf-from-file.patch -# https://github.com/linux-pam/linux-pam/commit/370064ef6f99581b08d473a42bb3417d5dda3e4e -Patch59: pam-1.3.1-pam-usertype-SYS_UID_MAX.patch %define _pamlibdir %{_libdir} %define _moduledir %{_libdir}/security @@ -191,7 +189,6 @@ cp %{SOURCE18} . %patch56 -p1 -b .pam-cc-compat %patch57 -p1 -b .inline %patch58 -p1 -b .faillock-load-conf-from-file -%patch59 -p1 -b .pam-usertype-SYS_UID_MAX autoreconf -i @@ -444,9 +441,6 @@ done %doc doc/specs/rfc86.0.txt %changelog -* Thu Jun 23 2022 Iker Pedrosa - 1.3.1-21 -- pam_usertype: only use SYS_UID_MAX for system users. Resolves: #1949137 - * Thu May 26 2022 Iker Pedrosa - 1.3.1-20 - faillock: load configuration from file. Resolves: #1978029