diff --git a/Makefile-pam_unix-nis.diff b/Makefile-pam_unix-nis.diff new file mode 100644 index 0000000..a3967c8 --- /dev/null +++ b/Makefile-pam_unix-nis.diff @@ -0,0 +1,21 @@ +diff -urN Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in Linux-PAM-1.5.1/modules/pam_unix/Makefile.in +--- Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in 2020-11-25 17:57:14.000000000 +0100 ++++ Linux-PAM-1.5.1/modules/pam_unix/Makefile.in 2021-02-12 14:33:38.159412343 +0100 +@@ -155,7 +155,7 @@ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } + LTLIBRARIES = $(securelib_LTLIBRARIES) +-pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la ++pam_unix_la_DEPENDENCIES = + am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ + pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ + yppasswd_xdr.lo md5_good.lo md5_broken.lo +@@ -654,7 +654,7 @@ + + pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ + $(am__append_1) +-pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ ++pam_unix_la_LIBADD = -lpam \ + @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ + + securelib_LTLIBRARIES = pam_unix.la diff --git a/baselibs.conf b/baselibs.conf index aa1a812..0ef7093 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -2,3 +2,7 @@ pam pam-extra pam-deprecated pam-devel +pam_unix + conflicts "pam_unix-nis-" +pam_unix-nis + conflicts "pam_unix-" diff --git a/pam.changes b/pam.changes index 65ca43d..8c8680e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + ------------------------------------------------------------------- Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 98cf650..52a9852 100644 --- a/pam.spec +++ b/pam.spec @@ -81,12 +81,12 @@ Requires(post): permissions Recommends: login_defs-support-for-pam >= 1.3.1 %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) %endif %if %{enable_selinux} BuildRequires: libselinux-devel %endif +Requires: pam_unix.so +Suggests: pam_unix %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) @@ -97,6 +97,17 @@ PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. +%package -n pam_unix +Summary: PAM module for standard UNIX authentication +Group: System/Libraries +Provides: pam_unix.so +Conflicts: pam_unix-nis + +%description -n pam_unix +This package contains the pam_unix module, which does the standard +UNIX authentication against the passwd and shadow database. This +module does not contain NIS support. + %package extra Summary: PAM module to authenticate against a separate database Group: System/Libraries @@ -409,11 +420,6 @@ done %{pamdir}/pam_timestamp.so %{pamdir}/pam_tty_audit.so %{pamdir}/pam_umask.so -%{pamdir}/pam_unix.so -%{pamdir}/pam_unix_acct.so -%{pamdir}/pam_unix_auth.so -%{pamdir}/pam_unix_passwd.so -%{pamdir}/pam_unix_session.so %{pamdir}/pam_usertype.so %{pamdir}/pam_warn.so %{pamdir}/pam_wheel.so @@ -428,6 +434,14 @@ done %attr(0700,root,root) %{sbindir}/unix_update %{_unitdir}/pam_namespace.service +%files -n pam_unix +%defattr(-,root,root,755) +%{pamdir}/pam_unix.so +%{pamdir}/pam_unix_acct.so +%{pamdir}/pam_unix_auth.so +%{pamdir}/pam_unix_passwd.so +%{pamdir}/pam_unix_session.so + %files extra %defattr(-,root,root,755) %{pamdir}/pam_userdb.so diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes new file mode 100644 index 0000000..709fdc9 --- /dev/null +++ b/pam_unix-nis.changes @@ -0,0 +1,16 @@ +------------------------------------------------------------------- +Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix + +------------------------------------------------------------------- +Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk + +- Fix split provides and BuildRequires +- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside + pam library + +------------------------------------------------------------------- +Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk + +- standalone pam_unix with NIS support diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec new file mode 100644 index 0000000..73c4dc9 --- /dev/null +++ b/pam_unix-nis.spec @@ -0,0 +1,106 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if !0%{?usrmerged} +%define libdir /%{_lib} +%define sbindir /sbin +%define pamdir /%{_lib}/security +%else +%define libdir %{_libdir} +%define sbindir %{_sbindir} +# moving this to /usr needs fixing +# several packages short of +# https://github.com/linux-pam/linux-pam/issues/256 +%define pamdir %{_libdir}/security +%endif + +# +%define enable_selinux 1 +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif +Name: pam_unix-nis +# +Version: 1.5.1 +Release: 0 +Summary: PAM module for standard UNIX and NIS authentication +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: http://www.linux-pam.org/ +Source: Linux-PAM-%{version}.tar.xz +Source9: baselibs.conf +Patch: Makefile-pam_unix-nis.diff +BuildRequires: pam-devel +%if 0%{?suse_version} > 1320 +BuildRequires: pkgconfig(libeconf) +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{enable_selinux} +BuildRequires: libselinux-devel +%endif +Provides: pam:/%{_lib}/security/pam_unix.so +Provides: pam_unix.so +Conflicts: pam_unix + +%description +This package contains the pam_unix module, which does the standard +UNIX authentication against the passwd and shadow database. This +module has NIS support. + +%prep +%setup -q -n Linux-PAM-%{version} +%patch -p1 + +%build +export CFLAGS="%{optflags} -DNDEBUG" +%configure \ + --includedir=%{_includedir}/security \ + --docdir=%{_docdir}/pam \ + --htmldir=%{_docdir}/pam/html \ + --pdfdir=%{_docdir}/pam/pdf \ +%if !0%{?usrmerged} + --sbindir=/sbin \ + --libdir=/%{_lib} \ +%endif + --enable-isadir=../..%{pamdir} \ + --enable-securedir=%{pamdir} \ + --enable-vendordir=%{_distconfdir} \ + --enable-tally2 --enable-cracklib +make -C modules/pam_unix + +%install +mkdir -p %{buildroot}%{pamdir} +install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{pamdir}/ +for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do + ln -f %{buildroot}%{pamdir}/pam_unix.so %{buildroot}%{pamdir}/$x.so +done + +%files +%license COPYING +%{pamdir}/pam_unix.so +%{pamdir}/pam_unix_acct.so +%{pamdir}/pam_unix_auth.so +%{pamdir}/pam_unix_passwd.so +%{pamdir}/pam_unix_session.so + +%changelog