parent
43d230bb77
commit
0467e7f0da
File diff suppressed because it is too large
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
|
||||
|
||||
- Add pam_tally2
|
||||
- Regenerate Documentation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de
|
||||
|
||||
|
12
pam.spec
12
pam.spec
@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later
|
||||
Group: System/Libraries
|
||||
AutoReqProv: on
|
||||
Version: 1.0.2
|
||||
Release: 9
|
||||
Release: 10
|
||||
Summary: A Security Tool that Provides Authentication for Applications
|
||||
Source: Linux-PAM-%{version}.tar.bz2
|
||||
Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
|
||||
@ -58,6 +58,8 @@ Patch7: pam_mail.diff
|
||||
Patch8: pam_tally-fdleak.diff
|
||||
Patch9: pam_pwhistory-0.1.diff
|
||||
Patch10: pam_lastlog.diff
|
||||
Patch11: pam_tally2.diff
|
||||
Patch12: pam_cracklib-no-pwhistory.diff
|
||||
|
||||
%description
|
||||
PAM (Pluggable Authentication Modules) is a system security tool that
|
||||
@ -111,6 +113,9 @@ building both PAM-aware applications and modules for use with PAM.
|
||||
%patch9 -p0
|
||||
chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
|
||||
%patch10 -p0
|
||||
%patch11 -p1
|
||||
chmod 755 modules/pam_tally2/tst-pam_tally2
|
||||
%patch12 -p0
|
||||
|
||||
%build
|
||||
aclocal -I m4 --install --force
|
||||
@ -283,6 +288,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/%{_lib}/security/pam_stress.so
|
||||
/%{_lib}/security/pam_succeed_if.so
|
||||
/%{_lib}/security/pam_tally.so
|
||||
/%{_lib}/security/pam_tally2.so
|
||||
/%{_lib}/security/pam_time.so
|
||||
/%{_lib}/security/pam_tty_audit.so
|
||||
/%{_lib}/security/pam_umask.so
|
||||
@ -296,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/%{_lib}/security/pam_wheel.so
|
||||
/%{_lib}/security/pam_xauth.so
|
||||
/sbin/pam_tally
|
||||
/sbin/pam_tally2
|
||||
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
|
||||
%attr(0700,root,root) /sbin/unix_update
|
||||
|
||||
@ -317,6 +324,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/libpam_misc.so
|
||||
|
||||
%changelog
|
||||
* Fri Oct 17 2008 kukuk@suse.de
|
||||
- Add pam_tally2
|
||||
- Regenerate Documentation
|
||||
* Sat Oct 11 2008 kukuk@suse.de
|
||||
- Enhance pam_lastlog with status output
|
||||
- Add pam_pwhistory as tech preview
|
||||
|
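Review bot: The new `%changelog` entry lists only `- Add pam_tally2` and `- Regenerate Documentation`, but this section also adds and applies `Patch12: pam_cracklib-no-pwhistory.diff`, which takes the previously-used-password check out of pam_cracklib. That is a change to password-policy enforcement and should be recorded where administrators look for it; a line such as `- pam_cracklib: remove the old-password (opasswd) check` under the Oct 17 entry would do, and the changelog hunk at the top of the page needs the same line. Separately, `%patch11 -p1` uses a different strip level from the `-p0` of its neighbours, presumably because pam_tally2.diff carries a leading path component; a one-line comment above it would keep that from looking like a mistake.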
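--- a/pam_cracklib-no-pwhistory.diff
+++ b/pam_cracklib-no-pwhistory.diff
@@ -0,0 +1,88 @@
+--- modules/pam_cracklib/pam_cracklib.8.xml
++++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35
+@@ -111,15 +111,6 @@
+</para>
+</listitem>
+</varlistentry>
+- <varlistentry>
+- <term>Already used</term>
+- <listitem>
+- <para>
+- Was the password used in the past? Previously used passwords
+- are to be found in <filename>/etc/security/opasswd</filename>.
+- </para>
+- </listitem>
+- </varlistentry>
+</variablelist>
+<para>
+This module with no arguments will work well for standard unix
+--- modules/pam_cracklib/pam_cracklib.c
++++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56
+@@ -472,43 +472,6 @@
+}
+
+
+-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
+-
+-static const char * check_old_password(const char *forwho, const char *newpass)
+-{
+- static char buf[16384];
+- char *s_luser, *s_uid, *s_npas, *s_pas;
+- const char *msg = NULL;
+- FILE *opwfile;
+-
+- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
+- if (opwfile == NULL)
+- return NULL;
+-
+- while (fgets(buf, 16380, opwfile)) {
+- if (!strncmp(buf, forwho, strlen(forwho))) {
+- char *sptr;
+- buf[strlen(buf)-1] = '\0';
+- s_luser = strtok_r(buf, ":,", &sptr);
+- s_uid = strtok_r(NULL, ":,", &sptr);
+- s_npas = strtok_r(NULL, ":,", &sptr);
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- while (s_pas != NULL) {
+- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
+- msg = _("has been already used");
+- break;
+- }
+- s_pas = strtok_r(NULL, ":,", &sptr);
+- }
+- break;
+- }
+- }
+- fclose(opwfile);
+-
+- return msg;
+-}
+-
+-
+static int _pam_unix_approve_pass(pam_handle_t *pamh,
+unsigned int ctrl,
+struct cracklib_options *opt,
+@@ -516,7 +479,6 @@
+const char *pass_new)
+{
+const char *msg = NULL;
+- const void *user;
+int retval;
+
+if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
+@@ -532,15 +494,6 @@
+* checking this would be the place
+*/
+msg = password_check(opt, pass_old, pass_new);
+- if (!msg) {
+- retval = pam_get_item(pamh, PAM_USER, &user);
+- if (retval != PAM_SUCCESS || user == NULL) {
+- if (ctrl & PAM_DEBUG_ARG)
+- pam_syslog(pamh,LOG_ERR,"Can not get username");
+- return PAM_AUTHTOK_ERR;
+- }
+- msg = check_old_password(user, pass_new);
+- }
+
+if (msg) {
+if (ctrl & PAM_DEBUG_ARG)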
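Review bot: Once `check_old_password()` and its call in `_pam_unix_approve_pass` are gone, a password stack that relies on pam_cracklib alone will accept a password already recorded in /etc/security/opasswd, and nothing in the patch tells the administrator. The changelog on this page introduced pam_pwhistory only as a tech preview six days earlier, so presumably that module is the intended replacement. The patch should say so, for example with a sentence in pam_cracklib.8.xml, where the "Already used" entry is removed, pointing to pam_pwhistory for history checks; shipped PAM configurations should then be checked to include it. Also, the patch removes `const void *user;` but keeps `int retval;` while deleting the only assignment to it visible here (`retval = pam_get_item(...)`). The function body continues outside the hunks, so confirm `retval` is still used or drop it as well.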
1622
pam_tally2.diff
Normal file
1622
pam_tally2.diff
Normal file
File diff suppressed because it is too large