pool/pam
SHA256
3
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 933444 from home:kukuk:tiu

Browse Source 
- Use multibuild to build docu with correct paths and available
  features.
- common-session: move pam_systemd to first position as if the
  file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
  - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
  - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
  - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch

OBS-URL: https://build.opensuse.org/request/show/933444
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254
This commit is contained in:
Thorsten Kukuk 2021-11-24 13:43:37 +00:00 committed by Git OBS Bridge
parent 343fbe4278
commit 30c0969bef
10 changed files with 408 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch Normal file
View File

@ -0,0 +1,25 @@
From 00a46bcead2857002ed720f22b558b6f6d349fc8 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
Date: Tue, 2 Nov 2021 11:45:59 +0100
Subject: [PATCH 1/3] Include pam_xauth_data.3.xml in source archive (#400)
---
doc/man/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 78c891df..c6fd73db 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \
pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \
pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \
misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
- pam_misc_setenv.3.xml
+ pam_misc_setenv.3.xml pam_xauth_data.3.xml
if ENABLE_REGENERATE_MAN
PAM.8: pam.8
--
2.31.1

51
0002-Only-include-vendordir-in-manual-page-if-set-401.patch Normal file
View File

@ -0,0 +1,51 @@
From 04109c25a7dbd11404f7f23a9a405b9b9d6b7246 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
Date: Tue, 2 Nov 2021 11:46:24 +0100
Subject: [PATCH 2/3] Only include vendordir in manual page if set (#401)
---
configure.ac | 4 ++--
doc/man/pam.8.xml | 5 ++---
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index c06bc7dd..eb98d69a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -507,9 +507,9 @@ AC_ARG_ENABLE([vendordir],
if test -n "$enable_vendordir"; then
AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
[Directory for distribution provided configuration files])
- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'"
+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'"
else
- STRINGPARAM_VENDORDIR="--stringparam vendordir '<vendordir>'"
+ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'"
fi
AC_SUBST([STRINGPARAM_VENDORDIR])
diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml
index 464af0e5..8eef665a 100644
--- a/doc/man/pam.8.xml
+++ b/doc/man/pam.8.xml
@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user.</para>
</para>
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry condition="with_vendordir">
<term><filename>%vendordir%/pam.d</filename></term>
<listitem>
<para>
the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
directory. Files in <filename>/etc/pam.d</filename> and
<filename>/usr/lib/pam.d</filename> override files with the same
- name in this directory. Only available if Linux-PAM was compiled
- with vendordir enabled.
+ name in this directory.
</para>
</listitem>
</varlistentry>
--
2.31.1

61
0003-Use-vendor-specific-limits.conf-as-fallback-402.patch Normal file
View File

@ -0,0 +1,61 @@
From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>
Date: Wed, 3 Nov 2021 09:02:40 +0100
Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402)
* Use vendor specific limits.conf as fallback
---
modules/pam_limits/pam_limits.8.xml | 6 ++++++
modules/pam_limits/pam_limits.c | 19 ++++++++++++++++---
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
index bc46cbf4..c1c10eca 100644
--- a/modules/pam_limits/pam_limits.8.xml
+++ b/modules/pam_limits/pam_limits.8.xml
@@ -57,6 +57,12 @@
If a config file is explicitly specified with a module option then the
files in the above directory are not parsed.
</para>
+ <para condition="with_vendordir">
+ If there is no explicitly specified configuration file and
+ <filename>/etc/security/limits.conf</filename> does not exist,
+ <filename>%vendordir%/security/limits.conf</filename> is used.
+ If this file does not exist, too, an error is thrown.
+ </para>
<para>
The module must not be called by a multithreaded application.
</para>
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 7cc45d77..53188965 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid,
pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE);
fil = fopen(CONF_FILE, "r");
if (fil == NULL) {
- pam_syslog (pamh, LOG_WARNING,
- "cannot read settings from %s: %m", CONF_FILE);
- return PAM_SERVICE_ERR;
+ int err = errno;
+
+#ifdef VENDORDIR
+ /* if the specified file does not exist, and it is not provided by
+ the user, try the vendor file as fallback. */
+ if (pl->conf_file == NULL && err == ENOENT)
+ fil = fopen(VENDORDIR"/security/limits.conf", "r");
+
+ if (fil == NULL)
+#endif
+ {
+ pam_syslog (pamh, LOG_WARNING,
+ "cannot read settings from %s: %s", CONF_FILE,
+ strerror(err));
+ return PAM_SERVICE_ERR;
+ }
}
/* start the show */
--
2.31.1

3
_multibuild Normal file
View File

@ -0,0 +1,3 @@
<multibuild>
<flavor>full</flavor>
</multibuild>

2
common-session.pamd
View File

@ -6,8 +6,8 @@
# at the start and end of sessions of *any* kind (both interactive and # at the start and end of sessions of *any* kind (both interactive and
# non-interactive). # non-interactive).
# #
session optional pam_systemd.so
session required pam_limits.so session required pam_limits.so
session required pam_unix.so try_first_pass session required pam_unix.so try_first_pass
session optional pam_umask.so session optional pam_umask.so
session optional pam_env.so session optional pam_env.so
session optional pam_systemd.so

16
pam.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Use multibuild to build docu with correct paths and available
features.
-------------------------------------------------------------------
Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- common-session: move pam_systemd to first position as if the
file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec <sbrabec@suse.com> Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

235
pam.spec
View File

@ -17,6 +17,18 @@
%bcond_with debug %bcond_with debug
%define flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "full"
%define build_main 0
%define build_doc 1
%define name_suffix -%{flavor}-src
%else
%define build_main 1
%define build_doc 0
%define name_suffix %{nil}
%endif
# #
%define enable_selinux 1 %define enable_selinux 1
%define libpam_so_version 0.85.1 %define libpam_so_version 0.85.1
@ -29,7 +41,7 @@
# #
%{load:%{_sourcedir}/macros.pam} %{load:%{_sourcedir}/macros.pam}
# #
Name: pam Name: pam%{name_suffix}
# #
Version: 1.5.2 Version: 1.5.2
Release: 0 Release: 0
@ -52,11 +64,15 @@ Source12: pam-login_defs-check.sh
Source13: pam.tmpfiles Source13: pam.tmpfiles
Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source14: Linux-PAM-%{version}-docs.tar.xz.asc
Source15: Linux-PAM-%{version}.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc
Patch2: pam-limit-nproc.patch Patch1: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch Patch2: pam-hostnames-in-access_conf.patch
Patch5: pam-xauth_ownership.patch Patch3: pam-xauth_ownership.patch
Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch12: pam_umask-usergroups-login_defs.patch Patch5: pam_umask-usergroups-login_defs.patch
Patch10: pam_xauth_data.3.xml.patch
Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
Patch13: 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
BuildRequires: audit-devel BuildRequires: audit-devel
BuildRequires: bison BuildRequires: bison
BuildRequires: flex BuildRequires: flex
@ -88,6 +104,7 @@ having to recompile programs that do authentication.
%package -n pam_unix %package -n pam_unix
Summary: PAM module for standard UNIX authentication Summary: PAM module for standard UNIX authentication
Group: System/Libraries Group: System/Libraries
Provides: pam:/%{_lib}/security/pam_unix.so
Provides: pam_unix.so Provides: pam_unix.so
Conflicts: pam_unix-nis Conflicts: pam_unix-nis
@ -111,18 +128,33 @@ This package contains useful extra modules eg pam_userdb which is
used to verify a username/password pair against values stored in used to verify a username/password pair against values stored in
a Berkeley DB database. a Berkeley DB database.
%package doc %package -n pam-doc
Summary: Documentation for Pluggable Authentication Modules Summary: Documentation for Pluggable Authentication Modules
Group: Documentation/HTML Group: Documentation/HTML
BuildArch: noarch BuildArch: noarch
%description doc %description -n pam-doc
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without allows system administrators to set authentication policies without
having to recompile programs that do authentication. having to recompile programs that do authentication.
This package contains the documentation. This package contains the documentation.
%package -n pam-manpages
Summary: Manualpages for Pluggable Authentication Modules
Group: Documentation/HTML
BuildArch: noarch
BuildRequires: docbook-xsl-stylesheets
BuildRequires: elinks
BuildRequires: xmlgraphics-fop
%description -n pam-manpages
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains the manual pages.
%package devel %package devel
Summary: Include Files and Libraries for PAM Development Summary: Include Files and Libraries for PAM Development
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
@ -140,11 +172,15 @@ building both PAM-aware applications and modules for use with PAM.
%prep %prep
%setup -q -n Linux-PAM-%{version} -b 1 %setup -q -n Linux-PAM-%{version} -b 1
cp -a %{SOURCE12} . cp -a %{SOURCE12} .
%patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch8 -p1 %patch10 -p1
%patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1
%build %build
bash ./pam-login_defs-check.sh bash ./pam-login_defs-check.sh
@ -167,8 +203,10 @@ CFLAGS="$CFLAGS -DNDEBUG"
%make_build %make_build
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
%if %{build_main}
%check %check
%make_build check %make_build check
%endif
%install %install
mkdir -p %{buildroot}%{_pam_confdir} mkdir -p %{buildroot}%{_pam_confdir}
@ -209,16 +247,39 @@ done
popd popd
# Install unix2_chkpwd # Install unix2_chkpwd
install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir}
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
# rpm macros # rpm macros
install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
# /run/motd.d # /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
mkdir %{buildroot}%{_distconfdir}/security
mv %{buildroot}%{_sysconfdir}/security/limits.conf %{buildroot}%{_distconfdir}/security/limits.conf
# Remove manual pages for main package
%if !%{build_doc}
rm -rf %{buildroot}%{_mandir}/man[58]/*
install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/
%else
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
%endif
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib}
rm -rf %{buildroot}%{_mandir}/man3/*
rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8*
%else
# Create filelist with translations # Create filelist with translations
%find_lang Linux-PAM %find_lang Linux-PAM
%endif
%if %{build_main}
%verifyscript %verifyscript
%verify_permissions -e %{_sbindir}/unix_chkpwd %verify_permissions -e %{_sbindir}/unix_chkpwd
%verify_permissions -e %{_sbindir}/unix2_chkpwd %verify_permissions -e %{_sbindir}/unix2_chkpwd
@ -242,11 +303,17 @@ for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/comm
done done
%files -f Linux-PAM.lang %files -f Linux-PAM.lang
%exclude %{_defaultdocdir}/pam %doc NEWS
%license COPYING
%exclude %{_defaultdocdir}/pam/html
%exclude %{_defaultdocdir}/pam/modules
%exclude %{_defaultdocdir}/pam/pdf
%exclude %{_defaultdocdir}/pam/*.txt
%dir %{_pam_confdir} %dir %{_pam_confdir}
%dir %{_pam_vendordir} %dir %{_pam_vendordir}
%dir %{_pam_secconfdir} %dir %{_pam_secconfdir}
%dir %{_pam_secconfdir}/limits.d %dir %{_pam_secconfdir}/limits.d
%dir %{_distconfdir}/security
%dir %{_prefix}/lib/motd.d %dir %{_prefix}/lib/motd.d
%if %{defined config_noreplace} %if %{defined config_noreplace}
%config(noreplace) %{_pam_confdir}/other %config(noreplace) %{_pam_confdir}/other
@ -259,7 +326,7 @@ done
%config(noreplace) %{_pam_secconfdir}/access.conf %config(noreplace) %{_pam_secconfdir}/access.conf
%config(noreplace) %{_pam_secconfdir}/group.conf %config(noreplace) %{_pam_secconfdir}/group.conf
%config(noreplace) %{_pam_secconfdir}/faillock.conf %config(noreplace) %{_pam_secconfdir}/faillock.conf
%config(noreplace) %{_pam_secconfdir}/limits.conf %{_distconfdir}/security/limits.conf
%config(noreplace) %{_pam_secconfdir}/pam_env.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf
%if %{enable_selinux} %if %{enable_selinux}
%config(noreplace) %{_pam_secconfdir}/sepermit.conf %config(noreplace) %{_pam_secconfdir}/sepermit.conf
@ -268,65 +335,6 @@ done
%config(noreplace) %{_pam_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.conf
%config(noreplace) %{_pam_secconfdir}/namespace.init %config(noreplace) %{_pam_secconfdir}/namespace.init
%dir %{_pam_secconfdir}/namespace.d %dir %{_pam_secconfdir}/namespace.d
%doc NEWS
%license COPYING
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
%{_mandir}/man5/motd.5%{?ext_man}
%{_mandir}/man8/PAM.8%{?ext_man}
%{_mandir}/man8/faillock.8%{?ext_man}
%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
%{_mandir}/man8/pam.8%{?ext_man}
%{_mandir}/man8/pam_access.8%{?ext_man}
%{_mandir}/man8/pam_debug.8%{?ext_man}
%{_mandir}/man8/pam_deny.8%{?ext_man}
%{_mandir}/man8/pam_echo.8%{?ext_man}
%{_mandir}/man8/pam_env.8%{?ext_man}
%{_mandir}/man8/pam_exec.8%{?ext_man}
%{_mandir}/man8/pam_faildelay.8%{?ext_man}
%{_mandir}/man8/pam_faillock.8%{?ext_man}
%{_mandir}/man8/pam_filter.8%{?ext_man}
%{_mandir}/man8/pam_ftp.8%{?ext_man}
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}
%{_mandir}/man8/pam_loginuid.8%{?ext_man}
%{_mandir}/man8/pam_mail.8%{?ext_man}
%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
%{_mandir}/man8/pam_motd.8%{?ext_man}
%{_mandir}/man8/pam_namespace.8%{?ext_man}
%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
%{_mandir}/man8/pam_nologin.8%{?ext_man}
%{_mandir}/man8/pam_permit.8%{?ext_man}
%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
%{_mandir}/man8/pam_rhosts.8%{?ext_man}
%{_mandir}/man8/pam_rootok.8%{?ext_man}
%{_mandir}/man8/pam_securetty.8%{?ext_man}
%{_mandir}/man8/pam_selinux.8%{?ext_man}
%{_mandir}/man8/pam_sepermit.8%{?ext_man}
%{_mandir}/man8/pam_setquota.8%{?ext_man}
%{_mandir}/man8/pam_shells.8%{?ext_man}
%{_mandir}/man8/pam_stress.8%{?ext_man}
%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
%{_mandir}/man8/pam_time.8%{?ext_man}
%{_mandir}/man8/pam_timestamp.8%{?ext_man}
%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
%{_mandir}/man8/pam_umask.8%{?ext_man}
%{_mandir}/man8/pam_unix.8%{?ext_man}
%{_mandir}/man8/pam_usertype.8%{?ext_man}
%{_mandir}/man8/pam_warn.8%{?ext_man}
%{_mandir}/man8/pam_wheel.8%{?ext_man}
%{_mandir}/man8/pam_xauth.8%{?ext_man}
%{_mandir}/man8/pwhistory_helper.8%{?ext_man}
%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_update.8%{?ext_man}
%{_libdir}/libpam.so.0 %{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpam.so.%{libpam_so_version}
%{_libdir}/libpamc.so.0 %{_libdir}/libpamc.so.0
@ -404,14 +412,6 @@ done
%{_pam_moduledir}/pam_userdb.so %{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man} %{_mandir}/man8/pam_userdb.8%{?ext_man}
%files doc
%defattr(644,root,root,755)
%dir %{_defaultdocdir}/pam
%doc %{_defaultdocdir}/pam/html
%doc %{_defaultdocdir}/pam/modules
%doc %{_defaultdocdir}/pam/pdf
%doc %{_defaultdocdir}/pam/*.txt
%files devel %files devel
%defattr(644,root,root,755) %defattr(644,root,root,755)
%dir %{_includedir}/security %dir %{_includedir}/security
@ -424,4 +424,77 @@ done
%{_rpmmacrodir}/macros.pam %{_rpmmacrodir}/macros.pam
%{_libdir}/pkgconfig/pam*.pc %{_libdir}/pkgconfig/pam*.pc
%endif
%if %{build_doc}
%files -n pam-doc
%defattr(644,root,root,755)
%dir %{_defaultdocdir}/pam
%doc %{_defaultdocdir}/pam/html
%doc %{_defaultdocdir}/pam/modules
%doc %{_defaultdocdir}/pam/pdf
%doc %{_defaultdocdir}/pam/*.txt
%files -n pam-manpages
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
%{_mandir}/man5/motd.5%{?ext_man}
%{_mandir}/man8/PAM.8%{?ext_man}
%{_mandir}/man8/faillock.8%{?ext_man}
%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
%{_mandir}/man8/pam.8%{?ext_man}
%{_mandir}/man8/pam_access.8%{?ext_man}
%{_mandir}/man8/pam_debug.8%{?ext_man}
%{_mandir}/man8/pam_deny.8%{?ext_man}
%{_mandir}/man8/pam_echo.8%{?ext_man}
%{_mandir}/man8/pam_env.8%{?ext_man}
%{_mandir}/man8/pam_exec.8%{?ext_man}
%{_mandir}/man8/pam_faildelay.8%{?ext_man}
%{_mandir}/man8/pam_faillock.8%{?ext_man}
%{_mandir}/man8/pam_filter.8%{?ext_man}
%{_mandir}/man8/pam_ftp.8%{?ext_man}
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}
%{_mandir}/man8/pam_loginuid.8%{?ext_man}
%{_mandir}/man8/pam_mail.8%{?ext_man}
%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
%{_mandir}/man8/pam_motd.8%{?ext_man}
%{_mandir}/man8/pam_namespace.8%{?ext_man}
%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
%{_mandir}/man8/pam_nologin.8%{?ext_man}
%{_mandir}/man8/pam_permit.8%{?ext_man}
%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
%{_mandir}/man8/pam_rhosts.8%{?ext_man}
%{_mandir}/man8/pam_rootok.8%{?ext_man}
%{_mandir}/man8/pam_securetty.8%{?ext_man}
%{_mandir}/man8/pam_selinux.8%{?ext_man}
%{_mandir}/man8/pam_sepermit.8%{?ext_man}
%{_mandir}/man8/pam_setquota.8%{?ext_man}
%{_mandir}/man8/pam_shells.8%{?ext_man}
%{_mandir}/man8/pam_stress.8%{?ext_man}
%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
%{_mandir}/man8/pam_time.8%{?ext_man}
%{_mandir}/man8/pam_timestamp.8%{?ext_man}
%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
%{_mandir}/man8/pam_umask.8%{?ext_man}
%{_mandir}/man8/pam_unix.8%{?ext_man}
%{_mandir}/man8/pam_usertype.8%{?ext_man}
%{_mandir}/man8/pam_warn.8%{?ext_man}
%{_mandir}/man8/pam_wheel.8%{?ext_man}
%{_mandir}/man8/pam_xauth.8%{?ext_man}
%{_mandir}/man8/pwhistory_helper.8%{?ext_man}
%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_update.8%{?ext_man}
%endif
%changelog %changelog

32
pam_unix-nis.changes
View File

@ -1,32 +0,0 @@
-------------------------------------------------------------------
Fri Sep 10 10:23:13 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Update to version 1.5.2
-------------------------------------------------------------------
Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- revert-check_shadow_expiry.diff: revert wrong
CRYPT_SALT_METHOD_LEGACY check.
-------------------------------------------------------------------
Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
- Remove usrmerged conditional as it's now the default
-------------------------------------------------------------------
Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Add missing conflicts for pam_unix
-------------------------------------------------------------------
Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Fix split provides and BuildRequires
- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside
pam library
-------------------------------------------------------------------
Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- standalone pam_unix with NIS support

88
pam_unix-nis.spec
View File

@ -1,88 +0,0 @@
#
# spec file for package pam
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%define config_noreplace 1
%endif
Name: pam_unix-nis
#
Version: 1.5.2
Release: 0
Summary: PAM module for standard UNIX and NIS authentication
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
Source: Linux-PAM-%{version}.tar.xz
Source9: baselibs.conf
Patch: Makefile-pam_unix-nis.diff
BuildRequires: pam-devel
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
%endif
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
Provides: pam:/%{_lib}/security/pam_unix.so
Provides: pam_unix.so
Conflicts: pam_unix
%description
This package contains the pam_unix module, which does the standard
UNIX authentication against the passwd and shadow database. This
module has NIS support.
%prep
%setup -q -n Linux-PAM-%{version}
%patch -p1
%build
export CFLAGS="%{optflags} -DNDEBUG"
%configure \
--includedir=%{_includedir}/security \
--docdir=%{_docdir}/pam \
--htmldir=%{_docdir}/pam/html \
--pdfdir=%{_docdir}/pam/pdf \
--enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_distconfdir}
make -C modules/pam_unix
%install
mkdir -p %{buildroot}%{_pam_moduledir}
install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{_pam_moduledir}/
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
%files
%license COPYING
%{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%changelog

97
pam_xauth_data.3.xml.patch Normal file
View File

@ -0,0 +1,97 @@
--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100
+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_xauth_data">
+
+ <refmeta>
+ <refentrytitle>pam_xauth_data</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_xauth_data-name">
+ <refname>pam_xauth_data</refname>
+ <refpurpose>structure containing X authentication data</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id="pam_xauth_data-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ <programlisting>
+struct pam_xauth_data {
+ int namelen;
+ char *name;
+ int datalen;
+ char *data;
+};
+ </programlisting>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_xauth_data-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_xauth_data</function> structure contains X
+ authentication data used to make a connection to an X display.
+ Using this mechanism, an application can communicate X
+ authentication data to PAM service modules. This allows modules to
+ make a connection to the user's X display in order to label the
+ user's session on login, display visual feedback or for other
+ purposes.
+ </para>
+ <para>
+ The <emphasis>name</emphasis> field contains the name of the
+ authentication method, such as "MIT-MAGIC-COOKIE-1". The
+ <emphasis>namelen</emphasis> field contains the length of this string,
+ not including the trailing NUL character.
+ </para>
+ <para>
+ The <emphasis>data</emphasis> field contains the authentication
+ method-specific data corresponding to the specified name. The
+ <emphasis>datalen</emphasis> field contains its length in bytes.
+ </para>
+ <para>
+ The X authentication data can be changed with the
+ <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
+ set with
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> respectively. The value used to set it should be
+ a pointer to a pam_xauth_data structure. An internal copy of both
+ the structure itself and its fields is made by PAM when setting the
+ item.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_xauth_data</function> structure and
+ <emphasis>PAM_XAUTH_DATA</emphasis> item are
+ Linux-PAM extensions.
+ </para>
+ </refsect1>
+
+</refentry>