OBS User unknown 2008-10-22 16:33:56 +00:00 committed by Git OBS Bridge
parent 43d230bb77
commit 0467e7f0da
5 changed files with 2480 additions and 191 deletions

File diff suppressed because it is too large Load Diff


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
- Add pam_tally2
- Regenerate Documentation
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de


@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later
Group: System/Libraries Group: System/Libraries
AutoReqProv: on AutoReqProv: on
Version: 1.0.2 Version: 1.0.2
Release: 9 Release: 10
Summary: A Security Tool that Provides Authentication for Applications Summary: A Security Tool that Provides Authentication for Applications
Source: Linux-PAM-%{version}.tar.bz2 Source: Linux-PAM-%{version}.tar.bz2
Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
@ -58,6 +58,8 @@ Patch7: pam_mail.diff
Patch8: pam_tally-fdleak.diff Patch8: pam_tally-fdleak.diff
Patch9: pam_pwhistory-0.1.diff Patch9: pam_pwhistory-0.1.diff
Patch10: pam_lastlog.diff Patch10: pam_lastlog.diff
Patch11: pam_tally2.diff
Patch12: pam_cracklib-no-pwhistory.diff
%description %description
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
@ -111,6 +113,9 @@ building both PAM-aware applications and modules for use with PAM.
%patch9 -p0 %patch9 -p0
chmod 755 modules/pam_pwhistory/tst-pam_pwhistory chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
%patch10 -p0 %patch10 -p0
%patch11 -p1
chmod 755 modules/pam_tally2/tst-pam_tally2
%patch12 -p0
%build %build
aclocal -I m4 --install --force aclocal -I m4 --install --force
@ -283,6 +288,7 @@ rm -rf $RPM_BUILD_ROOT
/%{_lib}/security/pam_stress.so /%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_succeed_if.so
/%{_lib}/security/pam_tally.so /%{_lib}/security/pam_tally.so
/%{_lib}/security/pam_tally2.so
/%{_lib}/security/pam_time.so /%{_lib}/security/pam_time.so
/%{_lib}/security/pam_tty_audit.so /%{_lib}/security/pam_tty_audit.so
/%{_lib}/security/pam_umask.so /%{_lib}/security/pam_umask.so
@ -296,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
/%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so /%{_lib}/security/pam_xauth.so
/sbin/pam_tally /sbin/pam_tally
/sbin/pam_tally2
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
%attr(0700,root,root) /sbin/unix_update %attr(0700,root,root) /sbin/unix_update
@ -317,6 +324,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libpam_misc.so %{_libdir}/libpam_misc.so
%changelog %changelog
* Fri Oct 17 2008 kukuk@suse.de
- Add pam_tally2
- Regenerate Documentation
* Sat Oct 11 2008 kukuk@suse.de * Sat Oct 11 2008 kukuk@suse.de
- Enhance pam_lastlog with status output - Enhance pam_lastlog with status output
- Add pam_pwhistory as tech preview - Add pam_pwhistory as tech preview
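Review bot: The `%changelog` entry for this release lists only "Add pam_tally2" and "Regenerate Documentation", yet the same commit also applies `Patch12: pam_cracklib-no-pwhistory.diff`, which takes the `/etc/security/opasswd` reuse check out of pam_cracklib. That is a change in password-policy enforcement: a password stack that relied on pam_cracklib alone to reject previously used passwords stops doing so after the update, without any error. I would add an entry such as `- pam_cracklib: remove check against old passwords, use pam_pwhistory instead` (assuming pam_pwhistory is the intended replacement, as the previous entry suggests) so administrators know to review their password stack.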


@ -0,0 +1,88 @@
--- modules/pam_cracklib/pam_cracklib.8.xml
+++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35
@@ -111,15 +111,6 @@
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>Already used</term>
- <listitem>
- <para>
- Was the password used in the past? Previously used passwords
- are to be found in <filename>/etc/security/opasswd</filename>.
- </para>
- </listitem>
- </varlistentry>
</variablelist>
<para>
This module with no arguments will work well for standard unix
--- modules/pam_cracklib/pam_cracklib.c
+++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56
@@ -472,43 +472,6 @@
}
-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
-
-static const char * check_old_password(const char *forwho, const char *newpass)
-{
- static char buf[16384];
- char *s_luser, *s_uid, *s_npas, *s_pas;
- const char *msg = NULL;
- FILE *opwfile;
-
- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
- if (opwfile == NULL)
- return NULL;
-
- while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
- char *sptr;
- buf[strlen(buf)-1] = '\0';
- s_luser = strtok_r(buf, ":,", &sptr);
- s_uid = strtok_r(NULL, ":,", &sptr);
- s_npas = strtok_r(NULL, ":,", &sptr);
- s_pas = strtok_r(NULL, ":,", &sptr);
- while (s_pas != NULL) {
- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
- msg = _("has been already used");
- break;
- }
- s_pas = strtok_r(NULL, ":,", &sptr);
- }
- break;
- }
- }
- fclose(opwfile);
-
- return msg;
-}
-
-
static int _pam_unix_approve_pass(pam_handle_t *pamh,
unsigned int ctrl,
struct cracklib_options *opt,
@@ -516,7 +479,6 @@
const char *pass_new)
{
const char *msg = NULL;
- const void *user;
int retval;
if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
@@ -532,15 +494,6 @@
* checking this would be the place
*/
msg = password_check(opt, pass_old, pass_new);
- if (!msg) {
- retval = pam_get_item(pamh, PAM_USER, &user);
- if (retval != PAM_SUCCESS || user == NULL) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_ERR,"Can not get username");
- return PAM_AUTHTOK_ERR;
- }
- msg = check_old_password(user, pass_new);
- }
if (msg) {
if (ctrl & PAM_DEBUG_ARG)
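Review bot: The patch file begins directly at the `---` header with no description, so the reason for dropping `check_old_password()` and the expected replacement are not recorded next to the change. A short preamble would do, for example `Remove the opasswd history check from pam_cracklib; password reuse is to be enforced by a dedicated module (pam_pwhistory?).` In `_pam_unix_approve_pass` the patch removes `const void *user;` but keeps `int retval;`, whose only visible assignment was the deleted `pam_get_item()` call. The function continues outside the hunks, so check whether `retval` is still used and drop it if not.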

1622
pam_tally2.diff Normal file

File diff suppressed because it is too large Load Diff