parent
43d230bb77
commit
0467e7f0da
File diff suppressed because it is too large
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Add pam_tally2
|
||||||
|
- Regenerate Documentation
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de
|
Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de
|
||||||
|
|
||||||
|
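--- a/pam.spec
+++ b/pam.spec
@@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later
 Group: System/Libraries
 AutoReqProv: on
 Version: 1.0.2
-Release: 9
+Release: 10
 Summary: A Security Tool that Provides Authentication for Applications
 Source: Linux-PAM-%{version}.tar.bz2
 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
@@ -58,6 +58,8 @@ Patch7: pam_mail.diff
 Patch8: pam_tally-fdleak.diff
 Patch9: pam_pwhistory-0.1.diff
 Patch10: pam_lastlog.diff
+Patch11: pam_tally2.diff
+Patch12: pam_cracklib-no-pwhistory.diff
 
 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -111,6 +113,9 @@ building both PAM-aware applications and modules for use with PAM.
 %patch9 -p0
 chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
 %patch10 -p0
+%patch11 -p1
+chmod 755 modules/pam_tally2/tst-pam_tally2
+%patch12 -p0
 
 %build
 aclocal -I m4 --install --force
@@ -283,6 +288,7 @@ rm -rf $RPM_BUILD_ROOT
 /%{_lib}/security/pam_stress.so
 /%{_lib}/security/pam_succeed_if.so
 /%{_lib}/security/pam_tally.so
+/%{_lib}/security/pam_tally2.so
 /%{_lib}/security/pam_time.so
 /%{_lib}/security/pam_tty_audit.so
 /%{_lib}/security/pam_umask.so
@@ -296,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
 /%{_lib}/security/pam_wheel.so
 /%{_lib}/security/pam_xauth.so
 /sbin/pam_tally
+/sbin/pam_tally2
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
 %attr(0700,root,root) /sbin/unix_update
 
@@ -317,6 +324,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libpam_misc.so
 
 %changelog
+* Fri Oct 17 2008 kukuk@suse.de
+- Add pam_tally2
+- Regenerate Documentation
 * Sat Oct 11 2008 kukuk@suse.de
 - Enhance pam_lastlog with status output
 - Add pam_pwhistory as tech preview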
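Review bot: The new `%changelog` entry records only `- Add pam_tally2` and `- Regenerate Documentation`, yet this section also adds `Patch12: pam_cracklib-no-pwhistory.diff` and applies it with `%patch12 -p0`. Judging by the patch file in this commit, that patch takes the `/etc/security/opasswd` reuse check out of pam_cracklib, which changes password-policy behaviour. A PAM stack that relied on pam_cracklib alone to reject previously used passwords would presumably stop doing so after the update unless pam_pwhistory is configured. I would add a third line to the entry, for example `- Remove password history check from pam_cracklib (moved to pam_pwhistory)`, so administrators can see the change when they read the package changelog.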
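--- a/pam_cracklib-no-pwhistory.diff
+++ b/pam_cracklib-no-pwhistory.diff
@@ -0,0 +1,88 @@
+--- modules/pam_cracklib/pam_cracklib.8.xml
++++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35
+@@ -111,15 +111,6 @@
+</para>
+</listitem>
+</varlistentry>
+- <varlistentry>
+- <term>Already used</term>
+- <listitem>
+- <para>
+- Was the password used in the past? Previously used passwords
+- are to be found in <filename>/etc/security/opasswd</filename>.
+- </para>
+- </listitem>
+- </varlistentry>
+</variablelist>
+<para>
+This module with no arguments will work well for standard unix
+--- modules/pam_cracklib/pam_cracklib.c
++++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56
+@@ -472,43 +472,6 @@
+}
+
+
+-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
+-
+-static const char * check_old_password(const char *forwho, const char *newpass)
+-{
+- static char buf[16384];
+- char *s_luser, *s_uid, *s_npas, *s_pas;
+- const char *msg = NULL;
+- FILE *opwfile;
+-
+- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
+- if (opwfile == NULL)
+- return NULL;
+-
+- while (fgets(buf, 16380, opwfile)) {
+- if (!strncmp(buf, forwho, strlen(forwho))) {
+- char *sptr;
+- buf[strlen(buf)-1] = '\0';
+- s_luser = strtok_r(buf, ":,", &sptr);
+- s_uid = strtok_r(NULL, ":,", &sptr);
+- s_npas = strtok_r(NULL, ":,", &sptr);
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- while (s_pas != NULL) {
+- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
+- msg = _("has been already used");
+- break;
+- }
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- }
+- break;
+- }
+- }
+- fclose(opwfile);
+-
+- return msg;
+-}
+-
+-
+static int _pam_unix_approve_pass(pam_handle_t *pamh,
+unsigned int ctrl,
+struct cracklib_options *opt,
+@@ -516,7 +479,6 @@
+const char *pass_new)
+{
+const char *msg = NULL;
+- const void *user;
+int retval;
+
+if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
+@@ -532,15 +494,6 @@
+* checking this would be the place
+*/
+msg = password_check(opt, pass_old, pass_new);
+- if (!msg) {
+- retval = pam_get_item(pamh, PAM_USER, &user);
+- if (retval != PAM_SUCCESS || user == NULL) {
+- if (ctrl & PAM_DEBUG_ARG)
+- pam_syslog(pamh,LOG_ERR,"Can not get username");
+- return PAM_AUTHTOK_ERR;
+- }
+- msg = check_old_password(user, pass_new);
+- }
+
+if (msg) {
+if (ctrl & PAM_DEBUG_ARG)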
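Review bot: In the `@@ -516,7 +479,6 @@` hunk of the embedded patch, `const void *user;` is dropped from `_pam_unix_approve_pass` but `int retval;` stays. Its only visible use was the removed `retval = pam_get_item(pamh, PAM_USER, &user);`. The function body continues past the last hunk line, so this cannot be confirmed from here, but if nothing later assigns `retval` the declaration should be removed in the same hunk to avoid an unused-variable warning. The `pam_cracklib.8.xml` hunk also deletes the "Already used" entry without saying where the reuse check now lives. A short sentence there pointing to pam_pwhistory (assuming that is the intended replacement) would keep administrators from believing pam_cracklib still consults `/etc/security/opasswd`.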
1622
pam_tally2.diff
Normal file
1622
pam_tally2.diff
Normal file
File diff suppressed because it is too large