pool/pam
SHA256
4
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1080766 from Linux-PAM

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1080766
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=130
This commit is contained in:
Dominique Leuenberger 2023-04-21 12:15:28 +00:00 committed by Git OBS Bridge
commit a121788e00
13 changed files with 142 additions and 28024 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Linux-PAM-1.5.2-docs.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4
size 443276

16
Linux-PAM-1.5.2-docs.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp
7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ
cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j
klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS
oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R
XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR
rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0
ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC
wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf
c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN
JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU
kfOtmSc7D8FhaXULOtvi
=ijjK
-----END PGP SIGNATURE-----

3
Linux-PAM-1.5.2.90.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315
size 1009900

3
Linux-PAM-1.5.2.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d
size 988784

16
Linux-PAM-1.5.2.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu
h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t
tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch
XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4
huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd
ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T
JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74
sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu
FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W
vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf
8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+
q1y3BpSxAA1wOd9/mTM+
=KMIz
-----END PGP SIGNATURE-----

20426
docbook5.patch
View File

File diff suppressed because it is too large Load Diff

26
pam-bsc1177858-dont-free-environment-string.patch
View File

@ -1,26 +0,0 @@
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh,
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
- putenv (xauthority); /* The environment owns this string now. */
- /* Don't free environment variables nor set them to NULL. */
+ if (putenv (xauthority) == 0) /* The environment owns this string now. */
+ xauthority = NULL;
+ /* Don't free environment variables. */
/* set $DISPLAY in pam handle to make su - work */
{
@@ -765,7 +766,8 @@ cleanup:
unsetenv (XAUTHENV);
free(cookiefile);
free(cookie);
- free(xauthority);
+ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */
+ free(xauthority);
return retval;
}

6965
pam-git.diff
View File

File diff suppressed because it is too large Load Diff

105
pam-xauth_ownership.patch
View File

@ -1,105 +0,0 @@
diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100
+++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100
@@ -355,11 +355,13 @@
char *cookiefile = NULL, *xauthority = NULL,
*cookie = NULL, *display = NULL, *tmp = NULL,
*xauthlocalhostname = NULL;
- const char *user, *xauth = NULL;
+ const char *user, *xauth = NULL, *login_name;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0;
+ uid_t systemuser = 499, targetuser = 0, uid;
+ gid_t gid;
+ struct stat st;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -429,7 +431,16 @@
retval = PAM_SESSION_ERR;
goto cleanup;
}
- rpwd = pam_modutil_getpwuid(pamh, getuid());
+
+ login_name = pam_modutil_getlogin(pamh);
+ if (login_name == NULL) {
+ login_name = "";
+ }
+ if (*login_name)
+ rpwd = pam_modutil_getpwnam(pamh, login_name);
+ else
+ rpwd = pam_modutil_getpwuid(pamh, getuid());
+
if (rpwd == NULL) {
pam_syslog(pamh, LOG_ERR,
"error determining invoking user's name");
@@ -518,18 +529,26 @@
cookiefile);
}
+ /* Get owner and group of the cookiefile */
+ uid = getuid();
+ gid = getgid();
+ if (stat(cookiefile, &st) == 0) {
+ uid = st.st_uid;
+ gid = st.st_gid;
+ }
+
/* Read the user's .Xauthority file. Because the current UID is
* the original user's UID, this will only fail if something has
* gone wrong, or we have no cookies. */
if (debug) {
pam_syslog(pamh, LOG_DEBUG,
- "running \"%s %s %s %s %s\" as %lu/%lu",
- xauth, "-f", cookiefile, "nlist", display,
- (unsigned long) getuid(), (unsigned long) getgid());
+ "running \"%s %s %s %s %s %s\" as %lu/%lu",
+ xauth, "-i", "-f", cookiefile, "nlist", display,
+ (unsigned long) uid, (unsigned long) gid);
}
if (run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile, "nlist", display,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile, "nlist", display,
NULL) == 0) {
#ifdef WITH_SELINUX
char *context_raw = NULL;
@@ -583,12 +602,12 @@
cookiefile,
"nlist",
t,
- (unsigned long) getuid(),
- (unsigned long) getgid());
+ (unsigned long) uid,
+ (unsigned long) gid);
}
run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile,
"nlist", t, NULL);
}
free(t);
@@ -673,13 +692,17 @@
goto cleanup;
}
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'",
+ xauthority);
+ }
/* Set the new variable in the environment. */
if (pam_putenv (pamh, xauthority) != PAM_SUCCESS)
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
putenv (xauthority); /* The environment owns this string now. */
- xauthority = NULL; /* Don't free environment variables. */
+ /* Don't free environment variables nor set them to NULL. */
/* set $DISPLAY in pam handle to make su - work */
{

36
pam.changes
View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-extra: add split provide
-------------------------------------------------------------------
Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-userdb: add split provide
-------------------------------------------------------------------
Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
-------------------------------------------------------------------
Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
-------------------------------------------------------------------
Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>

126
pam.spec
View File

@ -35,6 +35,7 @@
%define livepatchable 0
%endif
%bcond_without selinux
%bcond_with debug
%define flavor @BUILD_FLAVOR@%{nil}
@ -46,15 +47,18 @@
%if "%{flavor}" == "full"
%define build_main 0
%define build_doc 1
%define build_extra 1
%define build_userdb 1
%define name_suffix -%{flavor}-src
%else
%define build_main 1
%define build_doc 0
%define build_extra 0
%define build_userdb 0
%define name_suffix %{nil}
%endif
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
@ -67,14 +71,14 @@
#
Name: pam%{name_suffix}
#
Version: 1.5.2
Version: 1.5.2.90
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
URL: https://github.com/linux-pam/linux-pam
Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz
# XXX Source1: Linux-PAM-%{version}.tar.xz.asc
Source2: macros.pam
Source3: other.pamd
Source4: common-auth.pamd
@ -86,20 +90,12 @@ Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
Source13: pam.tmpfiles
Source14: Linux-PAM-%{version}-docs.tar.xz.asc
Source15: Linux-PAM-%{version}.tar.xz.asc
Source20: common-session-nonlogin.pamd
Source21: postlogin-auth.pamd
Source22: postlogin-account.pamd
Source23: postlogin-password.pamd
Source24: postlogin-session.pamd
Patch1: pam-limit-nproc.patch
Patch3: pam-xauth_ownership.patch
Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch5: pam_xauth_data.3.xml.patch
Patch11: pam-git.diff
Patch13: pam_pwhistory-docu.patch
Patch14: docbook5.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: flex
@ -110,39 +106,55 @@ Requires(post): permissions
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.5.2
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
%endif
%if %{enable_selinux}
%if %{with selinux}
BuildRequires: libselinux-devel
%endif
Obsoletes: pam_unix
Obsoletes: pam_unix-nis
Recommends: pam-manpages
%if 0%{?suse_version} >= 1330
Requires(pre): group(shadow)
Requires(pre): user(root)
%endif
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
%package extra
%if %{build_userdb}
%package -n pam-userdb
Summary: PAM module to authenticate against a separate database
Group: System/Libraries
Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
%description extra
%description -n pam-userdb
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains useful extra modules eg pam_userdb which is
used to verify a username/password pair against values stored in
a Berkeley DB database.
This package contains pam_userdb which is used to verify a
username/password pair against values stored in a Berkeley DB database.
%endif
%if %{build_extra}
%package -n pam-extra
Summary: PAM module with extended dependencies
Group: System/Libraries
BuildRequires: pkgconfig(systemd)
BuildRequires: pam-devel
Provides: pam:%{_sbindir}/pam_timestamp_check
%description -n pam-extra
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains extra modules eg pam_issue and pam_timestamp which
can have extended dependencies.
%endif
%if %{build_doc}
@ -191,17 +203,9 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
%prep
%setup -q -n Linux-PAM-%{version} -b 1
%setup -q -n Linux-PAM-%{version}
cp -a %{SOURCE12} .
%patch11 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%if %{build_doc}
%patch13 -p1
%patch14 -p1
%endif
%build
bash ./pam-login_defs-check.sh
@ -220,6 +224,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
--enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_prefix}/etc \
--disable-nis \
%if %{with debug}
--enable-debug
%endif
@ -291,9 +296,6 @@ mkdir -p %{buildroot}%{_prefix}/lib/motd.d
# Remove crap
#
find %{buildroot} -type f -name "*.la" -delete -print
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
#
# Install READMEs of PAM modules
#
@ -312,27 +314,25 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
# /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
mkdir -p %{buildroot}%{_pam_secdistconfdir}
mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/
mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/
mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
# Remove manual pages for main package
%if !%{build_doc}
rm -rf %{buildroot}%{_mandir}/man[58]/*
install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/
rm -rf %{buildroot}%{_mandir}/man?/*
%else
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
%endif
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib}
rm -rf %{buildroot}%{_mandir}/man3/*
rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8*
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
%else
# Delete files for extra package
rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
# Create filelist with translations
%find_lang Linux-PAM
@ -392,13 +392,13 @@ done
%{_pam_secdistconfdir}/faillock.conf
%{_pam_secdistconfdir}/limits.conf
%{_pam_secdistconfdir}/pam_env.conf
%if %{enable_selinux}
%if %{with selinux}
%{_pam_secdistconfdir}/sepermit.conf
%endif
%{_pam_secdistconfdir}/time.conf
%{_pam_secdistconfdir}/namespace.conf
%{_pam_secdistconfdir}/namespace.init
%config(noreplace) %{_pam_secconfdir}/pwhistory.conf
%{_pam_secdistconfdir}/pwhistory.conf
%dir %{_pam_secdistconfdir}/namespace.d
%{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version}
@ -420,9 +420,7 @@ done
%{_pam_moduledir}//pam_filter/upperLOWER
%{_pam_moduledir}/pam_ftp.so
%{_pam_moduledir}/pam_group.so
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_keyinit.so
%{_pam_moduledir}/pam_lastlog.so
%{_pam_moduledir}/pam_limits.so
%{_pam_moduledir}/pam_listfile.so
%{_pam_moduledir}/pam_localuser.so
@ -437,7 +435,7 @@ done
%{_pam_moduledir}/pam_rhosts.so
%{_pam_moduledir}/pam_rootok.so
%{_pam_moduledir}/pam_securetty.so
%if %{enable_selinux}
%if %{with selinux}
%{_pam_moduledir}/pam_selinux.so
%{_pam_moduledir}/pam_sepermit.so
%endif
@ -446,14 +444,9 @@ done
%{_pam_moduledir}/pam_stress.so
%{_pam_moduledir}/pam_succeed_if.so
%{_pam_moduledir}/pam_time.so
%{_pam_moduledir}/pam_timestamp.so
%{_pam_moduledir}/pam_tty_audit.so
%{_pam_moduledir}/pam_umask.so
%{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%{_pam_moduledir}/pam_usertype.so
%{_pam_moduledir}/pam_warn.so
%{_pam_moduledir}/pam_wheel.so
@ -461,7 +454,6 @@ done
%{_sbindir}/faillock
%{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_namespace_helper
%{_sbindir}/pam_timestamp_check
%{_sbindir}/pwhistory_helper
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
@ -469,23 +461,30 @@ done
%{_unitdir}/pam_namespace.service
%{_tmpfilesdir}/pam.conf
%files extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files devel
%defattr(644,root,root,755)
%dir %{_includedir}/security
%{_mandir}/man3/pam*
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_includedir}/security/*.h
%{_libdir}/libpam.so
%{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so
%{_rpmmacrodir}/macros.pam
%{_libdir}/pkgconfig/pam*.pc
%endif
%if %{build_userdb}
%files -n pam-userdb
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%endif
%if %{build_extra}
%files -n pam-extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_timestamp.so
%{_sbindir}/pam_timestamp_check
%endif
%if %{build_doc}
@ -499,6 +498,8 @@ done
%doc %{_defaultdocdir}/pam/*.txt
%files -n pam-manpages
%{_mandir}/man3/pam*.3%{?ext_man}
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
@ -520,7 +521,6 @@ done
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}

264
pam_pwhistory-docu.patch
View File

@ -1,264 +0,0 @@
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 8a4dbcb2..c29a8e11 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = $(XMLS)
if HAVE_DOC
-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5
endif
-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \
+ pwhistory.conf.5.xml
dist_check_SCRIPTS = tst-pam_pwhistory
TESTS = $(dist_check_SCRIPTS)
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index d88115c2..2a8fa7f6 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -36,6 +36,12 @@
<arg choice="opt">
authtok_type=<replaceable>STRING</replaceable>
</arg>
+ <arg choice="opt">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -104,7 +110,7 @@
<listitem>
<para>
The last <replaceable>N</replaceable> passwords for each
- user are saved in <filename>/etc/security/opasswd</filename>.
+ user are saved.
The default is <emphasis>10</emphasis>. Value of
<emphasis>0</emphasis> makes the module to keep the existing
contents of the <filename>opasswd</filename> file unchanged.
@@ -137,7 +143,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file <filename>/path/filename</filename>
+ rather than the default location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>conf=<replaceable>/path/to/config-file</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/pwhistory.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> manual page. The options
+ specified on the module command line override the values from the
+ configuration file.
+ </para>
</refsect1>
<refsect1 id="pam_pwhistory-types">
@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok
<varlistentry>
<term><filename>/etc/security/opasswd</filename></term>
<listitem>
- <para>File with password history</para>
+ <para>Default file with password history</para>
</listitem>
</varlistentry>
</variablelist>
@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok
<refsect1 id='pam_pwhistory-see_also'>
<title>SEE ALSO</title>
<para>
+ <citerefentry>
+ <refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml
new file mode 100644
index 00000000..bac5ffed
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pwhistory.conf">
+
+ <refmeta>
+ <refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pwhistory.conf-name">
+ <refname>pwhistory.conf</refname>
+ <refpurpose>pam_pwhistory configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="pwhistory.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
+ default settings for saving the last passwords for each user.
+ This file is read by the <emphasis>pam_pwhistory</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_pwhistory</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>enforce_for_root</option>
+ </term>
+ <listitem>
+ <para>
+ If this option is set, the check is enforced for root, too.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>remember=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The last <replaceable>N</replaceable> passwords for each
+ user are saved.
+ The default is <emphasis>10</emphasis>. Value of
+ <emphasis>0</emphasis> makes the module to keep the existing
+ contents of the <filename>opasswd</filename> file unchanged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>retry=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Prompt user at most <replaceable>N</replaceable> times
+ before returning with error. The default is 1.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file
+ <replaceable>/path/filename</replaceable> rather than the default
+ location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/pwhistory.conf file example:
+ </para>
+ <programlisting>
+debug
+remember=5
+file=/tmp/opasswd
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_pwhistory was written by Thorsten Kukuk. The support for
+ pwhistory.conf was written by Iker Pedrosa.
+ </para>
+ </refsect1>
+
+</refentry>

97
pam_xauth_data.3.xml.patch
View File

@ -1,97 +0,0 @@
--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100
+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_xauth_data">
+
+ <refmeta>
+ <refentrytitle>pam_xauth_data</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_xauth_data-name">
+ <refname>pam_xauth_data</refname>
+ <refpurpose>structure containing X authentication data</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id="pam_xauth_data-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ <programlisting>
+struct pam_xauth_data {
+ int namelen;
+ char *name;
+ int datalen;
+ char *data;
+};
+ </programlisting>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_xauth_data-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_xauth_data</function> structure contains X
+ authentication data used to make a connection to an X display.
+ Using this mechanism, an application can communicate X
+ authentication data to PAM service modules. This allows modules to
+ make a connection to the user's X display in order to label the
+ user's session on login, display visual feedback or for other
+ purposes.
+ </para>
+ <para>
+ The <emphasis>name</emphasis> field contains the name of the
+ authentication method, such as "MIT-MAGIC-COOKIE-1". The
+ <emphasis>namelen</emphasis> field contains the length of this string,
+ not including the trailing NUL character.
+ </para>
+ <para>
+ The <emphasis>data</emphasis> field contains the authentication
+ method-specific data corresponding to the specified name. The
+ <emphasis>datalen</emphasis> field contains its length in bytes.
+ </para>
+ <para>
+ The X authentication data can be changed with the
+ <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
+ set with
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> respectively. The value used to set it should be
+ a pointer to a pam_xauth_data structure. An internal copy of both
+ the structure itself and its fields is made by PAM when setting the
+ item.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_xauth_data</function> structure and
+ <emphasis>PAM_XAUTH_DATA</emphasis> item are
+ Linux-PAM extensions.
+ </para>
+ </refsect1>
+
+</refentry>