- upgrade to new upstream version, as there are mostly bugfixes except
improved documentation - add support for session and password service for pam_access and pam_succeed_if - system-auth: skip session pam_unix for crond service
parent
e3f2d52037
commit
10ddab4186
@ -1,3 +1,3 @@
|
||||
db-4.3.29.tar.gz
|
||||
Linux-PAM-0.99.5.0.tar.bz2
|
||||
pam-redhat-0.99.6-1.tar.bz2
|
||||
Linux-PAM-0.99.6.2.tar.bz2
|
||||
|
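--- a/pam-0.99.6.2-selinux-keycreate.patch
+++ b/pam-0.99.6.2-selinux-keycreate.patch
@@ -0,0 +1,42 @@
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200
+@@ -391,6 +391,28 @@
+pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
+(const char *)username, user_context);
+}
++#ifdef HAVE_SETKEYCREATECON
++ ret = setkeycreatecon(user_context);
++ if (ret==0 && verbose) {
++ char msg[PATH_MAX];
++ snprintf(msg, sizeof(msg),
++ _("Key Creation Context %s Assigned"), user_context);
++ verbose_message(pamh, msg, debug);
++ }
++ if (ret) {
++ pam_syslog(pamh, LOG_ERR,
++ "Error! Unable to set %s key creation context %s.",
++ (const char *)username, user_context);
++ if (security_getenforce() == 1) {
++ freecon(user_context);
++ return PAM_AUTH_ERR;
++ }
++ } else {
++ if (debug)
++ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
++ (const char *)username, user_context);
++ }
++#endif
+freecon(user_context);
+
+return PAM_SUCCESS;
+--- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200
++++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200
+@@ -397,7 +397,7 @@
+AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+AC_CHECK_FUNCS(getgrouplist getline getdelim)
+-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
++AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af setkeycreatecon)
+
+AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])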
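Review bot: In the added `#ifdef HAVE_SETKEYCREATECON` block of pam_selinux.c, the failure branch denies the session only when `security_getenforce() == 1`, so a `-1` error return from `security_getenforce()` is treated like permissive mode and the session continues without the key creation context. If the module is meant to fail closed when the enforcing state cannot be read, the test could be `if (security_getenforce() != 0) {`. The code before this hunk is not visible here, so check that this matches how the earlier context-setting failure is handled. The `LOG_ERR` line would also be easier to triage with the errno text, for example `"Unable to set %s key creation context %s: %m"`. Note that `HAVE_SETKEYCREATECON` is a build-time check of the library only, so a runtime failure on a kernel without keycreate support would reject every session in enforcing mode. The enclosing function starts and ends outside the hunk.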
|
57
pam.spec
@ -10,12 +10,12 @@
|
||||
|
||||
Summary: A security tool which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 0.99.5.0
|
||||
Release: 8%{?dist}
|
||||
Version: 0.99.6.2
|
||||
Release: 1%{?dist}
|
||||
License: GPL or BSD
|
||||
Group: System Environment/Base
|
||||
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
||||
Source1: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
|
||||
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
||||
Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
|
||||
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
|
||||
Source4: db-%{db_version}.tar.gz
|
||||
Source5: other.pamd
|
||||
@ -26,22 +26,14 @@ Source9: system-auth.5
|
||||
Source10: config-util.5
|
||||
Patch1: pam-0.99.5.0-redhat-modules.patch
|
||||
Patch21: pam-0.78-unix-hpux-aging.patch
|
||||
Patch28: pam-0.75-sgml2latex.patch
|
||||
Patch34: pam-0.99.4.0-dbpam.patch
|
||||
Patch70: pam-0.99.2.1-selinux-nofail.patch
|
||||
Patch80: pam-0.99.5.0-selinux-drop-multiple.patch
|
||||
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
|
||||
Patch82: pam-0.99.3.0-tally-fail-close.patch
|
||||
Patch83: pam-0.99.4.0-succif-service.patch
|
||||
Patch84: pam-0.99.5.0-access-gai.patch
|
||||
Patch85: pam-0.99.5.0-selinux-enoent.patch
|
||||
Patch86: pam-0.99.5.0-console-no-ainit.patch
|
||||
Patch87: pam-0.99.5.0-keyinit-no-debug.patch
|
||||
Patch88: pam-0.99.5.0-keyinit-multiinit.patch
|
||||
Patch89: pam-0.99.5.0-keyinit-revoke-user.patch
|
||||
Patch90: pam-0.99.5.0-namespace-init.patch
|
||||
Patch91: pam-0.99.5.0-succif-unknown-user.patch
|
||||
Patch92: pam-0.99.5.0-selinux-keycreate.patch
|
||||
Patch83: pam-0.99.5.0-console-no-ainit.patch
|
||||
Patch84: pam-0.99.6.2-selinux-keycreate.patch
|
||||
Patch85: pam-0.99.6.0-succif-session.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-root
|
||||
Requires: cracklib, cracklib-dicts >= 2.8
|
||||
@ -95,26 +87,15 @@ cp %{SOURCE7} .
|
||||
|
||||
%patch1 -p1 -b .redhat-modules
|
||||
%patch21 -p1 -b .unix-hpux-aging
|
||||
%patch28 -p1 -b .doc
|
||||
%patch34 -p1 -b .dbpam
|
||||
%patch70 -p1 -b .nofail
|
||||
%patch80 -p1 -b .drop-multiple
|
||||
%patch81 -p1 -b .try-first-pass
|
||||
%patch82 -p1 -b .fail-close
|
||||
%patch83 -p1 -b .service
|
||||
%patch84 -p0 -b .gai
|
||||
%patch85 -p1 -b .enoent
|
||||
%patch86 -p1 -b .no-ainit
|
||||
%patch87 -p1 -b .no-debug
|
||||
%patch88 -p1 -b .multiinit
|
||||
%patch89 -p1 -b .revoke-user
|
||||
%patch90 -p1 -b .namespace-init
|
||||
%patch91 -p1 -b .unknown-user
|
||||
%patch92 -p1 -b .keycreate
|
||||
%patch83 -p1 -b .no-ainit
|
||||
%patch84 -p1 -b .keycreate
|
||||
%patch85 -p0 -b .session
|
||||
|
||||
for readme in modules/pam_*/README ; do
|
||||
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
||||
done
|
||||
autoreconf
|
||||
|
||||
%build
|
||||
@ -157,6 +138,12 @@ make
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
mkdir -p doc/txts
|
||||
for readme in modules/pam_*/README ; do
|
||||
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
||||
done
|
||||
|
||||
# Install the binaries, libraries, and modules.
|
||||
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
|
||||
|
||||
@ -284,7 +271,8 @@ fi
|
||||
%config(noreplace) /etc/pam.d/system-auth
|
||||
%config(noreplace) /etc/pam.d/config-util
|
||||
%doc Copyright
|
||||
%doc doc/html doc/txts
|
||||
%doc doc/txts
|
||||
%doc doc/sag/*.txt doc/sag/html
|
||||
%doc doc/specs/rfc86.0.txt
|
||||
/%{_lib}/libpam.so.*
|
||||
/%{_lib}/libpamc.so.*
|
||||
@ -375,8 +363,17 @@ fi
|
||||
%{_libdir}/libpam.so
|
||||
%{_libdir}/libpamc.so
|
||||
%{_libdir}/libpam_misc.so
|
||||
%doc doc/mwg/*.txt doc/mwg/html
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
|
||||
- upgrade to new upstream version, as there are mostly bugfixes except
|
||||
improved documentation
|
||||
- add support for session and password service for pam_access and
|
||||
pam_succeed_if
|
||||
- system-auth: skip session pam_unix for crond service
|
||||
|
||||
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
|
||||
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
|
||||
|
||||
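Review bot: The new changelog entry does not record which patches left the patch list. Going by the hunk counts, about eleven `Patch`/`%patch` entries disappear, apparently including `pam-0.99.3.0-tally-fail-close.patch`, `pam-0.99.5.0-selinux-enoent.patch` and `pam-0.99.5.0-keyinit-revoke-user.patch`, which change failure handling in security-relevant modules. Nothing on this page shows that each of them is present in Linux-PAM 0.99.6.2, so a changelog line such as `- drop patches merged upstream: tally-fail-close, selinux-enoent, keyinit-*, ...` would let a later reader confirm that no hardening was lost in the rebase. As a style point, `%patch85 -p0 -b .session` uses a different strip level from the neighbouring `-p1` entries; a short comment saying why would help.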
|
2
sources
@ -1,3 +1,3 @@
|
||||
13585a20ce32f113b8e8cdb57f52e3bb db-4.3.29.tar.gz
|
||||
dbc8608b2a9bc6b8cf50dd1fbc68cf3b Linux-PAM-0.99.5.0.tar.bz2
|
||||
2dc76a335ddf9e4259aa4e00e5ebaf61 pam-redhat-0.99.6-1.tar.bz2
|
||||
52844c64efa6f8b6a9ed702eec341a4c Linux-PAM-0.99.6.2.tar.bz2
|
||||
|
@ -13,4 +13,5 @@ password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond
|
||||
session required pam_unix.so
|
||||
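Review bot: The `session [success=1 default=ignore] pam_succeed_if.so service in crond` line only works while `pam_unix.so` is exactly the next entry in the stack, because `success=1` skips one module by position. A comment above it, such as `# skip the pam_unix session step for crond; the jump count must match the number of lines skipped`, would keep a later insertion from silently skipping a different module. Skipping pam_unix's session step presumably also removes its session open/close log records for cron jobs (pam_unix's behaviour is not shown on this page), so anyone who audits cron activity from those records needs another source. Consider appending `quiet` so pam_succeed_if does not log a condition result for every non-crond session.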
|