Accepting request 812631 from Linux-PAM

- Update to final 1.4.0 release
  - includes pam-check-user-home-dir.patch
  - obsoletes fix-man-links.dif

- common-password: remove pam_cracklib, as that is deprecated.

- pam_setquota.so:
  When setting quota, don't apply any quota if the user's $HOME is
  a mountpoint (ie the user has a partition of his/her own).
  [bsc#1171721, pam-check-user-home-dir.patch]

- Update to current Linux-PAM snapshot
  - pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted

- Adapted patch pam-hostnames-in-access_conf.patch for new version
  New version obsoleted patch use-correct-IP-address.patch
  [pam-hostnames-in-access_conf.patch,
   use-correct-IP-address.patch]

- Update to current Linux-PAM snapshot
  - Obsoletes pam_namespace-systemd.diff

- Update to current Linux-PAM snapshot
  - Add pam_faillock
  - Multiple minor bug fixes and documentation improvements
  - Fixed grammar of messages printed via pam_prompt
  - Added support for a vendor directory and libeconf
  - configure: Allowed disabling documentation through --disable-doc
  - pam_get_authtok_verify: Avoid duplicate password verification

OBS-URL: https://build.opensuse.org/request/show/812631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=102
Dominique Leuenberger 2020-06-14 16:13:10 +00:00 committed by Git OBS Bridge
commit b658285f73
11 changed files with 222 additions and 215 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca
size 459552


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:351764a0643052564a4b840320744c7e402112a2a57d2ac04511a6d22dc52e04
size 477712

3
Linux-PAM-1.4.0.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034
size 988908


@ -1,2 +1,4 @@
pam
pam-extra
pam-deprecated
pam-devel


@ -8,5 +8,4 @@
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
password requisite pam_cracklib.so
password required pam_unix.so use_authtok nullok try_first_pass
password required pam_unix.so nullok
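Review bot: Once `password requisite pam_cracklib.so` is dropped, nothing in this stack checks password quality, and the comment block above the rules does not tell an administrator that. Going by the counts in the hunk header, the remaining rule appears to be `password required pam_unix.so nullok` (the +/- markers are lost in this rendering, so that is inferred). I would add a comment such as `# No password-quality module is configured here; add one, or pam_unix's "obscure"/"minlen=" options, if a strength policy is required.` so the weaker default reads as a deliberate decision rather than a side effect of the deprecation. The top of the file lies outside this hunk.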


@ -1,56 +0,0 @@
Index: Linux-PAM-1.1.8/doc/man/pam.8
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam.8
+++ Linux-PAM-1.1.8/doc/man/pam.8
@@ -1 +1 @@
-.so PAM.8
+.so man8/PAM.8
Index: Linux-PAM-1.1.8/doc/man/pam.d.5
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam.d.5
+++ Linux-PAM-1.1.8/doc/man/pam.d.5
@@ -1 +1 @@
-.so pam.conf.5
+.so man5/pam.conf.5
Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3
+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
@@ -1 +1 @@
-.so pam_get_authtok.3
+.so man3/pam_get_authtok.3
Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3
+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
@@ -1 +1 @@
-.so pam_get_authtok.3
+.so man3/pam_get_authtok.3
Index: Linux-PAM-1.1.8/doc/man/pam_verror.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3
+++ Linux-PAM-1.1.8/doc/man/pam_verror.3
@@ -1 +1 @@
-.so pam_error.3
+.so man3/pam_error.3
Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3
+++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3
@@ -1 +1 @@
-.so pam_info.3
+.so man3/pam_info.3
Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3
+++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3
@@ -1 +1 @@
-.so pam_prompt.3
+.so man3/pam_prompt.3
Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
===================================================================
--- Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3
+++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
@@ -1 +1 @@
-.so pam_syslog.3
+.so man3/pam_syslog.3


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f
size 970564


@ -1,8 +1,8 @@
Index: modules/pam_access/pam_access.c
Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c
===================================================================
--- modules/pam_access/pam_access.c.orig
+++ modules/pam_access/pam_access.c
@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const
--- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c
@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const
return (NO);
}
@ -15,7 +15,7 @@ Index: modules/pam_access/pam_access.c
*/
static int
network_netmask_match (pam_handle_t *pamh,
@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam
@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam
char *netmask_ptr;
char netmask_string[MAXHOSTNAMELEN + 1];
int addr_type;
@ -31,7 +31,7 @@ Index: modules/pam_access/pam_access.c
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
{
@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam
@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam
*netmask_ptr = 0;
netmask_ptr++;
@ -40,7 +40,7 @@ Index: modules/pam_access/pam_access.c
{ /* no netaddr */
return NO;
}
@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam
@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam
netmask_ptr = number_to_netmask(netmask, addr_type,
netmask_string, MAXHOSTNAMELEN);
}
@ -93,7 +93,7 @@ Index: modules/pam_access/pam_access.c
memset (&hint, '\0', sizeof (hint));
hint.ai_flags = AI_CANONNAME;
hint.ai_family = AF_UNSPEC;
@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam
@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam
else
{
struct addrinfo *runp = item->res;
@ -103,29 +103,31 @@ Index: modules/pam_access/pam_access.c
{
char buf[INET6_ADDRSTRLEN];
DIAG_PUSH_IGNORE_CAST_ALIGN;
- inet_ntop (runp->ai_family,
- runp->ai_family == AF_INET
- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
- buf, sizeof (buf));
+ (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST);
DIAG_POP_IGNORE_CAST_ALIGN;
- if (are_addresses_equal(buf, tok, netmask_ptr))
+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
{
- return YES;
+ char buf1[INET6_ADDRSTRLEN];
+ char buf1[INET6_ADDRSTRLEN];
+
+ if (runp->ai_family != runp1->ai_family)
+ continue;
+ if (runp->ai_family != runp1->ai_family)
+ continue;
+
+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+
+ if (are_addresses_equal (buf, buf1, netmask_ptr))
+ {
+ freeaddrinfo(ai);
+ return YES;
+ }
+ if (are_addresses_equal (buf, buf1, netmask_ptr))
+ {
+ freeaddrinfo(ai);
+ return YES;
+ }
}
runp = runp->ai_next;
}
@ -134,20 +136,20 @@ Index: modules/pam_access/pam_access.c
else
- return (are_addresses_equal(string, tok, netmask_ptr));
+ {
+ struct addrinfo *runp1;
+ struct addrinfo *runp1;
+
+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
+ {
+ char buf1[INET6_ADDRSTRLEN];
+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
+ {
+ char buf1[INET6_ADDRSTRLEN];
+
+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+
+ if (are_addresses_equal(string, buf1, netmask_ptr))
+ {
+ freeaddrinfo(ai);
+ return YES;
+ }
+ }
+ if (are_addresses_equal(string, buf1, netmask_ptr))
+ {
+ freeaddrinfo(ai);
+ return YES;
+ }
+ }
+ }
+
+ freeaddrinfo(ai);
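Review bot: The `getnameinfo` calls that fill `buf` and `buf1` discard their return value with a `(void)` cast, so when a call fails the buffer is left uninitialised and is still passed to `are_addresses_equal`, meaning an access decision can be made on stack garbage. Failure is plausible because both buffers are only `INET6_ADDRSTRLEN` bytes, which may be too small for a numeric IPv6 address that carries a scope suffix. In the two `for (runp1 = ai; ...)` loops the call could become `if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) continue;`. The outer call on `runp` needs the same check, but written so that `runp = runp->ai_next` is still reached. `network_netmask_match` starts and ends outside the lines shown here.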


@ -1,3 +1,82 @@
-------------------------------------------------------------------
Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to final 1.4.0 release
- includes pam-check-user-home-dir.patch
- obsoletes fix-man-links.dif
-------------------------------------------------------------------
Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- common-password: remove pam_cracklib, as that is deprecated.
-------------------------------------------------------------------
Thu May 28 12:36:33 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
- pam_setquota.so:
When setting quota, don't apply any quota if the user's $HOME is
a mountpoint (ie the user has a partition of his/her own).
[bsc#1171721, pam-check-user-home-dir.patch]
-------------------------------------------------------------------
Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted
-------------------------------------------------------------------
Tue May 12 11:44:19 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
- Adapted patch pam-hostnames-in-access_conf.patch for new version
New version obsoleted patch use-correct-IP-address.patch
[pam-hostnames-in-access_conf.patch,
use-correct-IP-address.patch]
-------------------------------------------------------------------
Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- Obsoletes pam_namespace-systemd.diff
-------------------------------------------------------------------
Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- Add pam_faillock
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
- pam_env: Changed the default to not read the user .pam_environment file
- pam_group, pam_time: Fixed logical error with multiple ! operators
- pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
- pam_lastlog: Do not log info about failed login if the session was opened
with PAM_SILENT flag
- pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
- pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
limit
- pam_motd: Export MOTD_SHOWN=pam after showing MOTD
- pam_motd: Support multiple motd paths specified, with filename overrides
- pam_namespace: Added a systemd service, which creates the namespaced
instance parent directories during boot
- pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
- pam_shells: Recognize /bin/sh as the default shell
- pam_succeed_if: Support lists in group membership checks
- pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
- pam_umask: Added new 'nousergroups' module argument and allowed specifying
the default for usergroups at build-time
- pam_unix: Added 'nullresetok' option to allow resetting blank passwords
- pam_unix: Report unusable hashes found by checksalt to syslog
- pam_unix: Support for (gost-)yescrypt hashing methods
- pam_unix: Use bcrypt b-variant when it bcrypt is chosen
- pam_usertype: New module to tell if uid is in login.defs ranges
- Added new API call pam_start_confdir() for special applications that
cannot use the system-default PAM configuration paths and need to
explicitly specify another path
- pam_namespace-systemd.diff: fix path of pam_namespace.services
-------------------------------------------------------------------
Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

193
pam.spec

@ -16,26 +16,25 @@
#
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%define config_noreplace 1
%endif
#
%define enable_selinux 1
%define libpam_so_version 0.84.2
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
Name: pam
#
Version: 1.3.1+git20190923.ea78d67
Version: 1.4.0
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
Source: linux-pam-%{version}.tar.xz
Source1: Linux-PAM-1.3.1-docs.tar.xz
Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz
Source3: other.pamd
Source4: common-auth.pamd
Source5: common-account.pamd
@ -46,24 +45,19 @@ Source9: baselibs.conf
Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
Patch5: use-correct-IP-address.patch
BuildRequires: audit-devel
# Remove with next version update:
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
BuildRequires: libtool
BuildRequires: xz
Requires(post): permissions
# All login.defs variables require support from shadow side.
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.3.1
Requires(post): permissions
BuildRequires: xz
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl)
@ -84,7 +78,7 @@ having to recompile programs that do authentication.
%package extra
Summary: PAM module to authenticate against a separate database
Group: System/Libraries%description
Group: System/Libraries
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
@ -125,18 +119,29 @@ having to recompile programs which do authentication.
This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
%package deprecated
Summary: Deprecated PAM Modules
Group: System/Libraries
Provides: pam:/%{_lib}/security/pam_cracklib.so
Provides: pam:/%{_lib}/security/pam_tally2.so
%description deprecated
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains deprecated extra modules like pam_cracklib and
pam_tally2, which are no longer supported upstream and will be completly
removed with one of the next releases.
%prep
%setup -q -n linux-pam-%{version} -b 1
cp -av ../Linux-PAM-1.3.1/* .
%setup -q -n Linux-PAM-%{version} -b 1
cp -a %{SOURCE12} .
%patch0 -p1
%patch2 -p1
%patch4
%patch5 -p1
%patch4 -p1
%build
bash ./pam-login_defs-check.sh
./autogen.sh
export CFLAGS="%{optflags} -DNDEBUG"
%configure \
--sbindir=/sbin \
@ -147,12 +152,13 @@ export CFLAGS="%{optflags} -DNDEBUG"
--libdir=/%{_lib} \
--enable-isadir=../../%{_lib}/security \
--enable-securedir=/%{_lib}/security \
--enable-vendordir=%{_distconfdir}
--enable-vendordir=%{_distconfdir} \
--enable-tally2 --enable-cracklib
make %{?_smp_mflags}
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
%check
make %{?_smp_mflags} check
%make_build check
%install
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
@ -204,13 +210,8 @@ for i in pam_*/README; do
cp -fpv "$i" "$DOC/modules/README.${i%/*}"
done
popd
#
# pam_tally is deprecated since ages
#
rm -f %{buildroot}/%{_lib}/security/pam_tally.so
rm -f %{buildroot}/sbin/pam_tally
rm -f %{buildroot}%{_mandir}/man8/pam_tally.8*
rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally
# XXX Remove until whitelisted
rm %{buildroot}/%{_lib}/security/pam_faillock.so
# Install unix2_chkpwd
install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
@ -227,16 +228,15 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
%set_permissions /sbin/unix2_chkpwd
%postun -p /sbin/ldconfig
%pre
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/etc.
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%files -f Linux-PAM.lang
@ -258,6 +258,7 @@ done
%config(noreplace) %{_sysconfdir}/environment
%config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/group.conf
%config(noreplace) %{_sysconfdir}/security/faillock.conf
%config(noreplace) %{_sysconfdir}/security/limits.conf
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
%if %{enable_selinux}
@ -272,54 +273,57 @@ done
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
%{_mandir}/man8/mkhomedir_helper.8.gz
%{_mandir}/man8/pam.8.gz
%{_mandir}/man8/PAM.8.gz
%{_mandir}/man8/pam_access.8.gz
%{_mandir}/man8/pam_cracklib.8.gz
%{_mandir}/man8/pam_debug.8.gz
%{_mandir}/man8/pam_deny.8.gz
%{_mandir}/man8/pam_echo.8.gz
%{_mandir}/man8/pam_env.8.gz
%{_mandir}/man8/pam_exec.8.gz
%{_mandir}/man8/pam_faildelay.8.gz
%{_mandir}/man8/pam_filter.8.gz
%{_mandir}/man8/pam_ftp.8.gz
%{_mandir}/man8/pam_group.8.gz
%{_mandir}/man8/pam_issue.8.gz
%{_mandir}/man8/pam_keyinit.8.gz
%{_mandir}/man8/pam_lastlog.8.gz
%{_mandir}/man8/pam_limits.8.gz
%{_mandir}/man8/pam_listfile.8.gz
%{_mandir}/man8/pam_localuser.8.gz
%{_mandir}/man8/pam_loginuid.8.gz
%{_mandir}/man8/pam_mail.8.gz
%{_mandir}/man8/pam_mkhomedir.8.gz
%{_mandir}/man8/pam_motd.8.gz
%{_mandir}/man8/pam_namespace.8.gz
%{_mandir}/man8/pam_nologin.8.gz
%{_mandir}/man8/pam_permit.8.gz
%{_mandir}/man8/pam_pwhistory.8.gz
%{_mandir}/man8/pam_rhosts.8.gz
%{_mandir}/man8/pam_rootok.8.gz
%{_mandir}/man8/pam_securetty.8.gz
%{_mandir}/man8/pam_selinux.8.gz
%{_mandir}/man8/pam_sepermit.8.gz
%{_mandir}/man8/pam_shells.8.gz
%{_mandir}/man8/pam_succeed_if.8.gz
%{_mandir}/man8/pam_tally2.8.gz
%{_mandir}/man8/pam_time.8.gz
%{_mandir}/man8/pam_timestamp.8.gz
%{_mandir}/man8/pam_timestamp_check.8.gz
%{_mandir}/man8/pam_tty_audit.8.gz
%{_mandir}/man8/pam_umask.8.gz
%{_mandir}/man8/pam_unix.8.gz
%{_mandir}/man8/pam_warn.8.gz
%{_mandir}/man8/pam_wheel.8.gz
%{_mandir}/man8/pam_xauth.8.gz
%{_mandir}/man8/unix_chkpwd.8.gz
%{_mandir}/man8/unix2_chkpwd.8.gz
%{_mandir}/man8/unix_update.8.gz
%{_mandir}/man8/PAM.8%{?ext_man}
%{_mandir}/man8/faillock.8%{?ext_man}
%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
%{_mandir}/man8/pam.8%{?ext_man}
%{_mandir}/man8/pam_access.8%{?ext_man}
%{_mandir}/man8/pam_debug.8%{?ext_man}
%{_mandir}/man8/pam_deny.8%{?ext_man}
%{_mandir}/man8/pam_echo.8%{?ext_man}
%{_mandir}/man8/pam_env.8%{?ext_man}
%{_mandir}/man8/pam_exec.8%{?ext_man}
%{_mandir}/man8/pam_faildelay.8%{?ext_man}
%{_mandir}/man8/pam_faillock.8%{?ext_man}
%{_mandir}/man8/pam_filter.8%{?ext_man}
%{_mandir}/man8/pam_ftp.8%{?ext_man}
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}
%{_mandir}/man8/pam_loginuid.8%{?ext_man}
%{_mandir}/man8/pam_mail.8%{?ext_man}
%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
%{_mandir}/man8/pam_motd.8%{?ext_man}
%{_mandir}/man8/pam_namespace.8%{?ext_man}
%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
%{_mandir}/man8/pam_nologin.8%{?ext_man}
%{_mandir}/man8/pam_permit.8%{?ext_man}
%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
%{_mandir}/man8/pam_rhosts.8%{?ext_man}
%{_mandir}/man8/pam_rootok.8%{?ext_man}
%{_mandir}/man8/pam_securetty.8%{?ext_man}
%{_mandir}/man8/pam_selinux.8%{?ext_man}
%{_mandir}/man8/pam_sepermit.8%{?ext_man}
%{_mandir}/man8/pam_setquota.8%{?ext_man}
%{_mandir}/man8/pam_shells.8%{?ext_man}
%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
%{_mandir}/man8/pam_time.8%{?ext_man}
%{_mandir}/man8/pam_timestamp.8%{?ext_man}
%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
%{_mandir}/man8/pam_umask.8%{?ext_man}
%{_mandir}/man8/pam_unix.8%{?ext_man}
%{_mandir}/man8/pam_usertype.8%{?ext_man}
%{_mandir}/man8/pam_warn.8%{?ext_man}
%{_mandir}/man8/pam_wheel.8%{?ext_man}
%{_mandir}/man8/pam_xauth.8%{?ext_man}
%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_update.8%{?ext_man}
/%{_lib}/libpam.so.0
/%{_lib}/libpam.so.%{libpam_so_version}
/%{_lib}/libpamc.so.0
@ -328,13 +332,13 @@ done
/%{_lib}/libpam_misc.so.%{libpam_misc_so_version}
%dir /%{_lib}/security
/%{_lib}/security/pam_access.so
/%{_lib}/security/pam_cracklib.so
/%{_lib}/security/pam_debug.so
/%{_lib}/security/pam_deny.so
/%{_lib}/security/pam_echo.so
/%{_lib}/security/pam_env.so
/%{_lib}/security/pam_exec.so
/%{_lib}/security/pam_faildelay.so
#/%{_lib}/security/pam_faillock.so
/%{_lib}/security/pam_filter.so
%dir /%{_lib}/security/pam_filter
/%{_lib}/security//pam_filter/upperLOWER
@ -361,10 +365,10 @@ done
/%{_lib}/security/pam_selinux.so
/%{_lib}/security/pam_sepermit.so
%endif
/%{_lib}/security/pam_setquota.so
/%{_lib}/security/pam_shells.so
/%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so
/%{_lib}/security/pam_tally2.so
/%{_lib}/security/pam_time.so
/%{_lib}/security/pam_timestamp.so
/%{_lib}/security/pam_tty_audit.so
@ -374,20 +378,31 @@ done
/%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so
/%{_lib}/security/pam_usertype.so
/%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
/sbin/faillock
/sbin/mkhomedir_helper
/sbin/pam_tally2
/sbin/pam_namespace_helper
/sbin/pam_timestamp_check
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
%attr(0700,root,root) /sbin/unix_update
%{_unitdir}/pam_namespace.service
%files extra
%defattr(-,root,root,755)
%attr(755,root,root) /%{_lib}/security/pam_userdb.so
%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz
/%{_lib}/security/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files deprecated
%defattr(-,root,root,755)
/%{_lib}/security/pam_cracklib.so
/%{_lib}/security/pam_tally2.so
/sbin/pam_tally2
%{_mandir}/man8/pam_cracklib.8%{?ext_man}
%{_mandir}/man8/pam_tally2.8%{?ext_man}
%files doc
%defattr(644,root,root,755)
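Review bot: `%install` deletes `pam_faillock.so` (`rm %{buildroot}/%{_lib}/security/pam_faillock.so`, under `# XXX Remove until whitelisted`), yet `%files` still ships `/sbin/faillock`, `%{_sysconfdir}/security/faillock.conf` and the `faillock.8` / `pam_faillock.8` man pages, so the package documents and configures a lockout module it does not contain. An administrator following the shipped man page would reference, from their auth stack, a module that cannot be loaded. I would either drop those four entries until the module is whitelisted or extend the comment to `# XXX Remove until whitelisted; /sbin/faillock, faillock.conf and the man pages ship without the module`. The changelog entry also says pam_setquota is disabled, while `/%{_lib}/security/pam_setquota.so` is listed in `%files`; one of the two looks stale. Which side each line belongs to is inferred here, since the +/- markers are lost in this rendering.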


@ -1,34 +0,0 @@
Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
===================================================================
--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
- "network_netmask_match: tok=%s, item=%s", tok, string);
+ "network_netmask_match: tok=%s, string=%s", tok, string);
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
/* check netmask */
if (isipaddr(netmask_ptr, NULL, NULL) == NO)
- { /* netmask as integre value */
+ { /* netmask as integer value */
char *endptr = NULL;
netmask = strtol(netmask_ptr, &endptr, 0);
if ((endptr == netmask_ptr) || (*endptr != '\0'))
@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
ai = NULL; /* just to be on the safe side */
- if (getaddrinfo (string, NULL, &hint, &ai) != 0)
+ if (getaddrinfo (tok, NULL, &hint, &ai) != 0)
{
- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
return NO;
}