From be1c1f2f87de74d5d77d73339fb07a20ae5c9e51 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 19 May 2005 16:56:55 +0000 Subject: [PATCH] * Thu May 19 2005 Dan Walsh 1.23.10-2 - Add call to pam_acct_mgmt in newrole. --- policycoreutils-rhat.patch | 21 ++++++++++++++++++--- policycoreutils.spec | 5 ++++- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index cb9bf08..5bff95f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1 --- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:24:26.000000000 -0400 ++++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:31:39.000000000 -0400 @@ -0,0 +1,62 @@ +.\" Hey, Emacs! This is an -*- nroff -*- source file. +.\" Copyright (c) 2005 Dan Walsh @@ -66,7 +66,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 po +utility was written by Stephen Smalley . diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile --- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400 -+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:25:00.000000000 -0400 ++++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:31:39.000000000 -0400 @@ -17,6 +17,8 @@ install: all -mkdir -p $(BINDIR) @@ -76,9 +76,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile polic clean: rm -f $(TARGETS) *.o +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.10/newrole/newrole.c +--- nsapolicycoreutils/newrole/newrole.c 2005-01-27 10:01:39.000000000 -0500 ++++ policycoreutils-1.23.10/newrole/newrole.c 2005-05-19 11:51:37.000000000 -0400 +@@ -193,6 +193,11 @@ + result = 1; /* user authenticated OK! */ + } + ++ /* Ask PAM to verify acct_mgmt */ ++ if( PAM_SUCCESS != pam_acct_mgmt(pam_handle,0) ) { ++ result = 0; /* user authenticated OK! */ ++ } ++ + /* We're done with PAM. Free `pam_handle'. */ + pam_end( pam_handle, PAM_SUCCESS ); + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400 -+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:24:26.000000000 -0400 ++++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:31:39.000000000 -0400 @@ -164,7 +164,7 @@ fi diff --git a/policycoreutils.spec b/policycoreutils.spec index b8bcf27..2fc7732 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -3,7 +3,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.23.10 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -84,6 +84,9 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Thu May 19 2005 Dan Walsh 1.23.10-2 +- Add call to pam_acct_mgmt in newrole. + * Tue May 17 2005 Dan Walsh 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user