pool/pam
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1080766 from Linux-PAM

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1080766
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=130
This commit is contained in:
Dominique Leuenberger 2023-04-21 12:15:28 +00:00 committed by Git OBS Bridge
commit a121788e00
13 changed files with 142 additions and 28024 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Linux-PAM-1.5.2-docs.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4
size 443276

16
Linux-PAM-1.5.2-docs.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp
7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ
cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j
klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS
oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R
XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR
rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0
ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC
wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf
c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN
JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU
kfOtmSc7D8FhaXULOtvi
=ijjK
-----END PGP SIGNATURE-----

3
Linux-PAM-1.5.2.90.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315
size 1009900

3
Linux-PAM-1.5.2.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d
size 988784

16
Linux-PAM-1.5.2.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu
h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t
tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch
XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4
huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd
ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T
JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74
sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu
FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W
vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf
8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+
q1y3BpSxAA1wOd9/mTM+
=KMIz
-----END PGP SIGNATURE-----

20426
docbook5.patch
View File

File diff suppressed because it is too large Load Diff

26
pam-bsc1177858-dont-free-environment-string.patch
View File

@ -1,26 +0,0 @@
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh,
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
- putenv (xauthority); /* The environment owns this string now. */
- /* Don't free environment variables nor set them to NULL. */
+ if (putenv (xauthority) == 0) /* The environment owns this string now. */
+ xauthority = NULL;
+ /* Don't free environment variables. */
/* set $DISPLAY in pam handle to make su - work */
{
@@ -765,7 +766,8 @@ cleanup:
unsetenv (XAUTHENV);
free(cookiefile);
free(cookie);
- free(xauthority);
+ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */
+ free(xauthority);
return retval;
}

6965
pam-git.diff
View File

File diff suppressed because it is too large Load Diff

105
pam-xauth_ownership.patch
View File

@ -1,105 +0,0 @@
diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100
+++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100
@@ -355,11 +355,13 @@
char *cookiefile = NULL, *xauthority = NULL,
*cookie = NULL, *display = NULL, *tmp = NULL,
*xauthlocalhostname = NULL;
- const char *user, *xauth = NULL;
+ const char *user, *xauth = NULL, *login_name;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0;
+ uid_t systemuser = 499, targetuser = 0, uid;
+ gid_t gid;
+ struct stat st;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -429,7 +431,16 @@
retval = PAM_SESSION_ERR;
goto cleanup;
}
- rpwd = pam_modutil_getpwuid(pamh, getuid());
+
+ login_name = pam_modutil_getlogin(pamh);
+ if (login_name == NULL) {
+ login_name = "";
+ }
+ if (*login_name)
+ rpwd = pam_modutil_getpwnam(pamh, login_name);
+ else
+ rpwd = pam_modutil_getpwuid(pamh, getuid());
+
if (rpwd == NULL) {
pam_syslog(pamh, LOG_ERR,
"error determining invoking user's name");
@@ -518,18 +529,26 @@
cookiefile);
}
+ /* Get owner and group of the cookiefile */
+ uid = getuid();
+ gid = getgid();
+ if (stat(cookiefile, &st) == 0) {
+ uid = st.st_uid;
+ gid = st.st_gid;
+ }
+
/* Read the user's .Xauthority file. Because the current UID is
* the original user's UID, this will only fail if something has
* gone wrong, or we have no cookies. */
if (debug) {
pam_syslog(pamh, LOG_DEBUG,
- "running \"%s %s %s %s %s\" as %lu/%lu",
- xauth, "-f", cookiefile, "nlist", display,
- (unsigned long) getuid(), (unsigned long) getgid());
+ "running \"%s %s %s %s %s %s\" as %lu/%lu",
+ xauth, "-i", "-f", cookiefile, "nlist", display,
+ (unsigned long) uid, (unsigned long) gid);
}
if (run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile, "nlist", display,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile, "nlist", display,
NULL) == 0) {
#ifdef WITH_SELINUX
char *context_raw = NULL;
@@ -583,12 +602,12 @@
cookiefile,
"nlist",
t,
- (unsigned long) getuid(),
- (unsigned long) getgid());
+ (unsigned long) uid,
+ (unsigned long) gid);
}
run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile,
"nlist", t, NULL);
}
free(t);
@@ -673,13 +692,17 @@
goto cleanup;
}
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'",
+ xauthority);
+ }
/* Set the new variable in the environment. */
if (pam_putenv (pamh, xauthority) != PAM_SUCCESS)
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
putenv (xauthority); /* The environment owns this string now. */
- xauthority = NULL; /* Don't free environment variables. */
+ /* Don't free environment variables nor set them to NULL. */
/* set $DISPLAY in pam handle to make su - work */
{

116
pam.changes
View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-extra: add split provide
-------------------------------------------------------------------
Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-userdb: add split provide
-------------------------------------------------------------------
Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
-------------------------------------------------------------------
Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
-------------------------------------------------------------------
Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
@ -45,7 +81,7 @@ Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- pam_pwhistory-docu.patch, docbook5.patch: convert docu to
docbook5
docbook5
-------------------------------------------------------------------
Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
@ -129,7 +165,7 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file.
-------------------------------------------------------------------
@ -296,7 +332,7 @@ Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
-------------------------------------------------------------------
Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- add macros.pam to abstract directory for pam modules
- add macros.pam to abstract directory for pam modules
-------------------------------------------------------------------
Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
@ -678,8 +714,8 @@ Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com
-------------------------------------------------------------------
Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info
- pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets
- pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets
closer to UserTasksMax parameter in logind.conf
-------------------------------------------------------------------
@ -803,7 +839,7 @@ Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de
-------------------------------------------------------------------
Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de
- Update to current git (Linux-PAM-git-20140127.diff), which
- Update to current git (Linux-PAM-git-20140127.diff), which
obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and
Linux-PAM-git-20140109.diff.
- Fix gratuitous use of strdup and x_strdup
@ -865,7 +901,7 @@ Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com
-------------------------------------------------------------------
Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com
- Explicitly add pam_systemd.so to list of modules in
- Explicitly add pam_systemd.so to list of modules in
common-session.pamd (bnc#812462)
-------------------------------------------------------------------
@ -886,7 +922,7 @@ Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de
-------------------------------------------------------------------
Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de
- Remove pam_unix-login.defs.diff, not needed anymore
- Remove pam_unix-login.defs.diff, not needed anymore
-------------------------------------------------------------------
Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de
@ -908,7 +944,7 @@ Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de
-------------------------------------------------------------------
Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com
- Added libtool as BuildRequire, and autoreconf -i option to fix
- Added libtool as BuildRequire, and autoreconf -i option to fix
build with new automake
-------------------------------------------------------------------
@ -1004,7 +1040,7 @@ Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de
Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com
- bnc#673826 rework
* manpage is left intact, as it was
* manpage is left intact, as it was
* correct parsing of "quiet" option
-------------------------------------------------------------------
@ -1037,7 +1073,7 @@ Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
-------------------------------------------------------------------
Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de
- Update to current CVS version (pam_rootok: Add support for
- Update to current CVS version (pam_rootok: Add support for
chauthtok and acct_mgmt, [bnc#533249])
-------------------------------------------------------------------
@ -1087,13 +1123,13 @@ Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de
Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de
- Update to version 1.0.91 aka 1.1 Beta2:
* Changes in the behavior of the password stack. Results of
* Changes in the behavior of the password stack. Results of
PRELIM_CHECK are not used for the final run.
* Redefine LOCAL keyword of pam_access configuration file
* Add support for try_first_pass and use_first_pass to
* Add support for try_first_pass and use_first_pass to
pam_cracklib
* New password quality tests in pam_cracklib
* Add support for passing PAM_AUTHTOK to stdin of helpers from
* Add support for passing PAM_AUTHTOK to stdin of helpers from
pam_exec
* New options for pam_lastlog to show last failed login attempt and
to disable lastlog update
@ -1137,7 +1173,7 @@ Thu Dec 4 12:34:56 CET 2008 - olh@suse.de
-------------------------------------------------------------------
Thu Nov 27 15:56:51 CET 2008 - mc@suse.de
- enhance the man page for limits.conf (bnc#448314)
- enhance the man page for limits.conf (bnc#448314)
-------------------------------------------------------------------
Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de
@ -1154,7 +1190,7 @@ Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de
Tue Nov 4 13:42:03 CET 2008 - mc@suse.de
- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
(bnc#441314)
(bnc#441314)
-------------------------------------------------------------------
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
@ -1263,7 +1299,7 @@ Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de
Wed Jan 24 11:27:16 CET 2007 - mc@suse.de
- add %verify_permissions for /sbin/unix_chkpwd
[#237625]
[#237625]
-------------------------------------------------------------------
Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de
@ -1422,7 +1458,7 @@ Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de
-------------------------------------------------------------------
Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de
- pam_lastlog:
- pam_lastlog:
- Initialize correct struct member [SF#1427401]
- Mark strftime fmt string for translation [SF#1428269]
@ -1434,13 +1470,13 @@ Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de
-------------------------------------------------------------------
Sat Feb 18 12:45:19 CET 2006 - ro@suse.de
- really disable audit if header file not present
- really disable audit if header file not present
-------------------------------------------------------------------
Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de
- Update fi.po
- Add km.po
- Add km.po
- Update pl.po
-------------------------------------------------------------------
@ -1603,7 +1639,7 @@ Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de
-------------------------------------------------------------------
Thu May 12 16:37:07 CEST 2005 - schubi@suse.de
- Bug 82687 - pam_client.h redefines __u8 and __u32
- Bug 82687 - pam_client.h redefines __u8 and __u32
-------------------------------------------------------------------
Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de
@ -1629,7 +1665,7 @@ Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de
Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de
- Made patch of latest CVS tree
- Removed patch pam_handler.diff ( included in CVS now )
- Removed patch pam_handler.diff ( included in CVS now )
- moved Linux-PAM-0.78.dif to pam_group_time.diff
-------------------------------------------------------------------
@ -1692,7 +1728,7 @@ Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de
-------------------------------------------------------------------
Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de
- We no longer have pam in the buildsystem, so we
- We no longer have pam in the buildsystem, so we
need some buildroot magic flags for the dlopen tests.
-------------------------------------------------------------------
@ -1756,7 +1792,7 @@ Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de
-------------------------------------------------------------------
Tue May 27 16:26:00 CEST 2003 - ro@suse.de
- added cracklib-devel to neededforbuild
- added cracklib-devel to neededforbuild
-------------------------------------------------------------------
Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de
@ -1776,7 +1812,7 @@ Mon Nov 11 11:26:13 CET 2002 - ro@suse.de
-------------------------------------------------------------------
Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de
- changed securetty / use extra file
- changed securetty / use extra file
-------------------------------------------------------------------
Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de
@ -1830,7 +1866,7 @@ Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de
-------------------------------------------------------------------
Mon Feb 11 22:46:43 CET 2002 - ro@suse.de
- tar option for bz2 is "j"
- tar option for bz2 is "j"
-------------------------------------------------------------------
Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de
@ -1933,7 +1969,7 @@ Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de
-------------------------------------------------------------------
Tue Feb 6 01:34:06 CET 2001 - ro@suse.de
- pam_issue.c: include time.h to make it compile
- pam_issue.c: include time.h to make it compile
-------------------------------------------------------------------
Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de
@ -1964,12 +2000,12 @@ Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de
-------------------------------------------------------------------
Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de
- Don't link PAM modules against old libpam library
- Don't link PAM modules against old libpam library
-------------------------------------------------------------------
Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de
- Create new "devel" subpackage
- Create new "devel" subpackage
-------------------------------------------------------------------
Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
@ -1979,7 +2015,7 @@ Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
-------------------------------------------------------------------
Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de
- Fix problems with new gcc and glibc 2.2 header files
- Fix problems with new gcc and glibc 2.2 header files
-------------------------------------------------------------------
Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de
@ -2034,7 +2070,7 @@ Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de
-------------------------------------------------------------------
Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de
- pwdb: Update to 0.61
- pwdb: Update to 0.61
-------------------------------------------------------------------
Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de
@ -2053,7 +2089,7 @@ Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de
-------------------------------------------------------------------
Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de
- pam_pwdb: Add security fixes from RedHat
- pam_pwdb: Add security fixes from RedHat
-------------------------------------------------------------------
Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de
@ -2077,14 +2113,14 @@ Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de
- Add pam_wheel to file list
- pam_wheel: Minor fixes
- pam_wheel: Minor fixes
- pam_unix2: root is allowed to change passwords with wrong
password aging information
-------------------------------------------------------------------
Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de
- pam_unix2: Fix typo
- pam_unix2: Fix typo
-------------------------------------------------------------------
Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de
@ -2104,7 +2140,7 @@ Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de
-------------------------------------------------------------------
Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de
- Add HP-UX password aging to pam_unix2.
- Add HP-UX password aging to pam_unix2.
-------------------------------------------------------------------
Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de
@ -2130,7 +2166,7 @@ Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de
-------------------------------------------------------------------
Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de
- pam_warn: Add missing functions
- pam_warn: Add missing functions
- other.pamd: Update
- Add more doku
@ -2144,19 +2180,19 @@ Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de
Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de
- Update to Linux-PAM 0.67
- Add Debian pam_env patch
- Add Debian pam_env patch
-------------------------------------------------------------------
Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de
- pam_ftp malloc (core dump) fix
- pam_ftp malloc (core dump) fix
-------------------------------------------------------------------
Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de
- pam_unix2 fixes
- pam_unix2 fixes
-------------------------------------------------------------------
Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de
- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2
- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2

126
pam.spec
View File

@ -35,6 +35,7 @@
%define livepatchable 0
%endif
%bcond_without selinux
%bcond_with debug
%define flavor @BUILD_FLAVOR@%{nil}
@ -46,15 +47,18 @@
%if "%{flavor}" == "full"
%define build_main 0
%define build_doc 1
%define build_extra 1
%define build_userdb 1
%define name_suffix -%{flavor}-src
%else
%define build_main 1
%define build_doc 0
%define build_extra 0
%define build_userdb 0
%define name_suffix %{nil}
%endif
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
@ -67,14 +71,14 @@
#
Name: pam%{name_suffix}
#
Version: 1.5.2
Version: 1.5.2.90
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
URL: https://github.com/linux-pam/linux-pam
Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz
# XXX Source1: Linux-PAM-%{version}.tar.xz.asc
Source2: macros.pam
Source3: other.pamd
Source4: common-auth.pamd
@ -86,20 +90,12 @@ Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
Source13: pam.tmpfiles
Source14: Linux-PAM-%{version}-docs.tar.xz.asc
Source15: Linux-PAM-%{version}.tar.xz.asc
Source20: common-session-nonlogin.pamd
Source21: postlogin-auth.pamd
Source22: postlogin-account.pamd
Source23: postlogin-password.pamd
Source24: postlogin-session.pamd
Patch1: pam-limit-nproc.patch
Patch3: pam-xauth_ownership.patch
Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch5: pam_xauth_data.3.xml.patch
Patch11: pam-git.diff
Patch13: pam_pwhistory-docu.patch
Patch14: docbook5.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
@ -110,39 +106,55 @@ Requires(post): permissions
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.5.2
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
%endif
%if %{enable_selinux}
%if %{with selinux}
BuildRequires: libselinux-devel
%endif
Obsoletes: pam_unix
Obsoletes: pam_unix-nis
Recommends: pam-manpages
%if 0%{?suse_version} >= 1330
Requires(pre): group(shadow)
Requires(pre): user(root)
%endif
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
%package extra
%if %{build_userdb}
%package -n pam-userdb
Summary: PAM module to authenticate against a separate database
Group: System/Libraries
Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
%description extra
%description -n pam-userdb
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains useful extra modules eg pam_userdb which is
used to verify a username/password pair against values stored in
a Berkeley DB database.
This package contains pam_userdb which is used to verify a
username/password pair against values stored in a Berkeley DB database.
%endif
%if %{build_extra}
%package -n pam-extra
Summary: PAM module with extended dependencies
Group: System/Libraries
BuildRequires: pkgconfig(systemd)
BuildRequires: pam-devel
Provides: pam:%{_sbindir}/pam_timestamp_check
%description -n pam-extra
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains extra modules eg pam_issue and pam_timestamp which
can have extended dependencies.
%endif
%if %{build_doc}
@ -191,17 +203,9 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%setup -q -n Linux-PAM-%{version}
cp -a %{SOURCE12} .
%patch11 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%if %{build_doc}
%patch13 -p1
%patch14 -p1
%endif
%build
bash ./pam-login_defs-check.sh
@ -220,6 +224,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
--enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_prefix}/etc \
--disable-nis \
%if %{with debug}
--enable-debug
%endif
@ -291,9 +296,6 @@ mkdir -p %{buildroot}%{_prefix}/lib/motd.d
# Remove crap
#
find %{buildroot} -type f -name "*.la" -delete -print
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
#
# Install READMEs of PAM modules
#
@ -312,27 +314,25 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
# /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
mkdir -p %{buildroot}%{_pam_secdistconfdir}
mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/
mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/
mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
# Remove manual pages for main package
%if !%{build_doc}
rm -rf %{buildroot}%{_mandir}/man[58]/*
install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/
rm -rf %{buildroot}%{_mandir}/man?/*
%else
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
%endif
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib}
rm -rf %{buildroot}%{_mandir}/man3/*
rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8*
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
%else
# Delete files for extra package
rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
# Create filelist with translations
%find_lang Linux-PAM
@ -392,13 +392,13 @@ done
%{_pam_secdistconfdir}/faillock.conf
%{_pam_secdistconfdir}/limits.conf
%{_pam_secdistconfdir}/pam_env.conf
%if %{enable_selinux}
%if %{with selinux}
%{_pam_secdistconfdir}/sepermit.conf
%endif
%{_pam_secdistconfdir}/time.conf
%{_pam_secdistconfdir}/namespace.conf
%{_pam_secdistconfdir}/namespace.init
%config(noreplace) %{_pam_secconfdir}/pwhistory.conf
%{_pam_secdistconfdir}/pwhistory.conf
%dir %{_pam_secdistconfdir}/namespace.d
%{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version}
@ -420,9 +420,7 @@ done
%{_pam_moduledir}//pam_filter/upperLOWER
%{_pam_moduledir}/pam_ftp.so
%{_pam_moduledir}/pam_group.so
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_keyinit.so
%{_pam_moduledir}/pam_lastlog.so
%{_pam_moduledir}/pam_limits.so
%{_pam_moduledir}/pam_listfile.so
%{_pam_moduledir}/pam_localuser.so
@ -437,7 +435,7 @@ done
%{_pam_moduledir}/pam_rhosts.so
%{_pam_moduledir}/pam_rootok.so
%{_pam_moduledir}/pam_securetty.so
%if %{enable_selinux}
%if %{with selinux}
%{_pam_moduledir}/pam_selinux.so
%{_pam_moduledir}/pam_sepermit.so
%endif
@ -446,14 +444,9 @@ done
%{_pam_moduledir}/pam_stress.so
%{_pam_moduledir}/pam_succeed_if.so
%{_pam_moduledir}/pam_time.so
%{_pam_moduledir}/pam_timestamp.so
%{_pam_moduledir}/pam_tty_audit.so
%{_pam_moduledir}/pam_umask.so
%{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%{_pam_moduledir}/pam_usertype.so
%{_pam_moduledir}/pam_warn.so
%{_pam_moduledir}/pam_wheel.so
@ -461,7 +454,6 @@ done
%{_sbindir}/faillock
%{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_namespace_helper
%{_sbindir}/pam_timestamp_check
%{_sbindir}/pwhistory_helper
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
@ -469,23 +461,30 @@ done
%{_unitdir}/pam_namespace.service
%{_tmpfilesdir}/pam.conf
%files extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files devel
%defattr(644,root,root,755)
%dir %{_includedir}/security
%{_mandir}/man3/pam*
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_includedir}/security/*.h
%{_libdir}/libpam.so
%{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so
%{_rpmmacrodir}/macros.pam
%{_libdir}/pkgconfig/pam*.pc
%endif
%if %{build_userdb}
%files -n pam-userdb
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%endif
%if %{build_extra}
%files -n pam-extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_timestamp.so
%{_sbindir}/pam_timestamp_check
%endif
%if %{build_doc}
@ -499,6 +498,8 @@ done
%doc %{_defaultdocdir}/pam/*.txt
%files -n pam-manpages
%{_mandir}/man3/pam*.3%{?ext_man}
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
@ -520,7 +521,6 @@ done
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}

264
pam_pwhistory-docu.patch
View File

@ -1,264 +0,0 @@
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 8a4dbcb2..c29a8e11 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = $(XMLS)
if HAVE_DOC
-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5
endif
-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \
+ pwhistory.conf.5.xml
dist_check_SCRIPTS = tst-pam_pwhistory
TESTS = $(dist_check_SCRIPTS)
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index d88115c2..2a8fa7f6 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -36,6 +36,12 @@
<arg choice="opt">
authtok_type=<replaceable>STRING</replaceable>
</arg>
+ <arg choice="opt">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -104,7 +110,7 @@
<listitem>
<para>
The last <replaceable>N</replaceable> passwords for each
- user are saved in <filename>/etc/security/opasswd</filename>.
+ user are saved.
The default is <emphasis>10</emphasis>. Value of
<emphasis>0</emphasis> makes the module to keep the existing
contents of the <filename>opasswd</filename> file unchanged.
@@ -137,7 +143,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file <filename>/path/filename</filename>
+ rather than the default location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>conf=<replaceable>/path/to/config-file</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/pwhistory.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> manual page. The options
+ specified on the module command line override the values from the
+ configuration file.
+ </para>
</refsect1>
<refsect1 id="pam_pwhistory-types">
@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok
<varlistentry>
<term><filename>/etc/security/opasswd</filename></term>
<listitem>
- <para>File with password history</para>
+ <para>Default file with password history</para>
</listitem>
</varlistentry>
</variablelist>
@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok
<refsect1 id='pam_pwhistory-see_also'>
<title>SEE ALSO</title>
<para>
+ <citerefentry>
+ <refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml
new file mode 100644
index 00000000..bac5ffed
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pwhistory.conf">
+
+ <refmeta>
+ <refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pwhistory.conf-name">
+ <refname>pwhistory.conf</refname>
+ <refpurpose>pam_pwhistory configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="pwhistory.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
+ default settings for saving the last passwords for each user.
+ This file is read by the <emphasis>pam_pwhistory</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_pwhistory</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>enforce_for_root</option>
+ </term>
+ <listitem>
+ <para>
+ If this option is set, the check is enforced for root, too.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>remember=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The last <replaceable>N</replaceable> passwords for each
+ user are saved.
+ The default is <emphasis>10</emphasis>. Value of
+ <emphasis>0</emphasis> makes the module to keep the existing
+ contents of the <filename>opasswd</filename> file unchanged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>retry=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Prompt user at most <replaceable>N</replaceable> times
+ before returning with error. The default is 1.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file
+ <replaceable>/path/filename</replaceable> rather than the default
+ location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/pwhistory.conf file example:
+ </para>
+ <programlisting>
+debug
+remember=5
+file=/tmp/opasswd
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_pwhistory was written by Thorsten Kukuk. The support for
+ pwhistory.conf was written by Iker Pedrosa.
+ </para>
+ </refsect1>
+
+</refentry>

97
pam_xauth_data.3.xml.patch
View File

@ -1,97 +0,0 @@
--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100
+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_xauth_data">
+
+ <refmeta>
+ <refentrytitle>pam_xauth_data</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_xauth_data-name">
+ <refname>pam_xauth_data</refname>
+ <refpurpose>structure containing X authentication data</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id="pam_xauth_data-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ <programlisting>
+struct pam_xauth_data {
+ int namelen;
+ char *name;
+ int datalen;
+ char *data;
+};
+ </programlisting>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_xauth_data-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_xauth_data</function> structure contains X
+ authentication data used to make a connection to an X display.
+ Using this mechanism, an application can communicate X
+ authentication data to PAM service modules. This allows modules to
+ make a connection to the user's X display in order to label the
+ user's session on login, display visual feedback or for other
+ purposes.
+ </para>
+ <para>
+ The <emphasis>name</emphasis> field contains the name of the
+ authentication method, such as "MIT-MAGIC-COOKIE-1". The
+ <emphasis>namelen</emphasis> field contains the length of this string,
+ not including the trailing NUL character.
+ </para>
+ <para>
+ The <emphasis>data</emphasis> field contains the authentication
+ method-specific data corresponding to the specified name. The
+ <emphasis>datalen</emphasis> field contains its length in bytes.
+ </para>
+ <para>
+ The X authentication data can be changed with the
+ <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
+ set with
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> respectively. The value used to set it should be
+ a pointer to a pam_xauth_data structure. An internal copy of both
+ the structure itself and its fields is made by PAM when setting the
+ item.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_xauth_data</function> structure and
+ <emphasis>PAM_XAUTH_DATA</emphasis> item are
+ Linux-PAM extensions.
+ </para>
+ </refsect1>
+
+</refentry>