From 789436c617c5ee1285aea83f9c4672976482f32df2ff17dad9400ef4b528d37c Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson Date: Thu, 13 Apr 2023 21:23:05 +0000 Subject: [PATCH] Accepting request 1074609 from home:kukuk:branches:network - Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit - Add new sshd.pamd including postlogin-* config files OBS-URL: https://build.opensuse.org/request/show/1074609 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=246 --- openssh.changes | 6 ++++++ openssh.spec | 4 +++- sshd-sle.pamd | 11 +++++++++++ sshd.pamd | 13 ++++++++----- 4 files changed, 28 insertions(+), 6 deletions(-) create mode 100644 sshd-sle.pamd diff --git a/openssh.changes b/openssh.changes index 9e10c91..81250b0 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 27 08:39:38 UTC 2023 - Thorsten Kukuk + +- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit +- Add new sshd.pamd including postlogin-* config files + ------------------------------------------------------------------- Wed Feb 15 10:35:43 UTC 2023 - Thorsten Kukuk diff --git a/openssh.spec b/openssh.spec index f7925f1..b3434c7 100644 --- a/openssh.spec +++ b/openssh.spec @@ -51,6 +51,7 @@ Source11: README.FIPS Source12: cavs_driver-ssh.pl Source13: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc#/openssh.keyring Source14: sysusers-sshd.conf +Source15: sshd-sle.pamd Patch1: openssh-7.7p1-X11_trusted_forwarding.patch Patch3: openssh-7.7p1-enable_PAM_by_default.patch Patch4: openssh-7.7p1-eal3.patch @@ -308,8 +309,9 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS install -d -m 755 %{buildroot}%{_pam_vendordir} install -m 644 %{SOURCE2} %{buildroot}%{_pam_vendordir}/sshd %else +# SLE has no distconfdir, so use sle PAM config install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d -install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sshd +install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/sshd %endif install -d -m 755 %{buildroot}%{_localstatedir}/lib/sshd install -d -m 755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d diff --git a/sshd-sle.pamd b/sshd-sle.pamd new file mode 100644 index 0000000..efe67cb --- /dev/null +++ b/sshd-sle.pamd @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth requisite pam_nologin.so +auth include common-auth +account requisite pam_nologin.so +account include common-account +password include common-password +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include common-session +session optional pam_motd.so + diff --git a/sshd.pamd b/sshd.pamd index cf9867c..323cf44 100644 --- a/sshd.pamd +++ b/sshd.pamd @@ -1,11 +1,14 @@ #%PAM-1.0 auth requisite pam_nologin.so -auth include common-auth +auth substack common-auth +auth include postlogin-auth account requisite pam_nologin.so -account include common-account -password include common-password +account substack common-account +account include postlogin-account +password substack common-password +password include postlogin-password session required pam_loginuid.so -session include common-session session optional pam_keyinit.so force revoke +session substack common-session +session include postlogin-session session optional pam_motd.so -