Accepting request 1074609 from home:kukuk:branches:network

- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit - Add new sshd.pamd including postlogin-* config files OBS-URL: https://build.opensuse.org/request/show/1074609 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=246
2023-04-13 21:23:05 +00:00 · 2023-04-13 21:23:05 +00:00 · 789436c617
commit 789436c617
parent a004ad47ca
4 changed files with 28 additions and 6 deletions
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 27 08:39:38 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
+
+- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit
+- Add new sshd.pamd including postlogin-* config files
+
 -------------------------------------------------------------------
 Wed Feb 15 10:35:43 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>

--- a/openssh.spec
+++ b/openssh.spec
@ -51,6 +51,7 @@ Source11:       README.FIPS
 Source12:       cavs_driver-ssh.pl
 Source13:       https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc#/openssh.keyring
 Source14:       sysusers-sshd.conf
+Source15:       sshd-sle.pamd
 Patch1:         openssh-7.7p1-X11_trusted_forwarding.patch
 Patch3:         openssh-7.7p1-enable_PAM_by_default.patch
 Patch4:         openssh-7.7p1-eal3.patch
@ -308,8 +309,9 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
 install -d -m 755 %{buildroot}%{_pam_vendordir}
 install -m 644 %{SOURCE2} %{buildroot}%{_pam_vendordir}/sshd
 %else
+# SLE has no distconfdir, so use sle PAM config
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sshd
+install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/sshd
 %endif
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/sshd
 install -d -m 755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d
--- a/sshd-sle.pamd
+++ b/sshd-sle.pamd
@ -0,0 +1,11 @@
+#%PAM-1.0
+auth        requisite   pam_nologin.so
+auth        include     common-auth
+account     requisite   pam_nologin.so
+account     include     common-account
+password    include     common-password
+session     required    pam_loginuid.so
+session     optional    pam_keyinit.so   force revoke
+session     include     common-session
+session     optional    pam_motd.so
+
--- a/sshd.pamd
+++ b/sshd.pamd
@ -1,11 +1,14 @@
 #%PAM-1.0
 auth        requisite   pam_nologin.so
-auth        include     common-auth
+auth        substack    common-auth
+auth        include     postlogin-auth
 account     requisite   pam_nologin.so
-account     include     common-account
-password    include     common-password
+account     substack    common-account
+account     include     postlogin-account
+password    substack    common-password
+password    include     postlogin-password
 session     required    pam_loginuid.so
-session     include     common-session
 session     optional    pam_keyinit.so   force revoke
+session     substack    common-session
+session     include     postlogin-session
 session     optional    pam_motd.so
-