OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=21

2008-11-20 15:45:35 +00:00 · 2008-11-20 15:45:35 +00:00 · 3bf1d7f7d2
commit 3bf1d7f7d2
parent 144e487040
4 changed files with 166 additions and 31 deletions
--- a/pam.changes
+++ b/pam.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de
+
+- pam_xauth: update last patch
+- pam_pwhistory: add missing type option
+
 -------------------------------------------------------------------
 Tue Nov  4 13:42:03 CET 2008 - mc@suse.de

--- a/pam.spec
+++ b/pam.spec
@ -35,7 +35,7 @@ License:        BSD 3-Clause; GPL v2 or later
 Group:          System/Libraries
 AutoReqProv:    on
 Version:        1.0.2
-Release:        11
+Release:        12
 Summary:        A Security Tool that Provides Authentication for Applications
 Source:         Linux-PAM-%{version}.tar.bz2
 Source1:        Linux-PAM-%{version}-SUSE-docs.tar.bz2
@ -61,6 +61,7 @@ Patch10:        pam_lastlog.diff
 Patch11:        pam_tally2.diff
 Patch12:        pam_cracklib-no-pwhistory.diff
 Patch13:        pam_xauth-XAUTHLOCALHOSTNAME.diff
+Patch14:        pam_pwhistory-type.diff

 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@ -118,6 +119,7 @@ chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
 chmod 755 modules/pam_tally2/tst-pam_tally2
 %patch12 -p0
 %patch13 -p0
+%patch14 -p0

 %build
 aclocal -I m4 --install --force
@ -326,6 +328,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libpam_misc.so

 %changelog
+* Wed Nov 19 2008 kukuk@suse.de
+- pam_xauth: update last patch
+- pam_pwhistory: add missing type option
 * Tue Nov 04 2008 mc@suse.de
 - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
  (bnc#441314)
--- a/pam_pwhistory-type.diff
+++ b/pam_pwhistory-type.diff
@ -0,0 +1,102 @@
+Index: modules/pam_pwhistory/pam_pwhistory.8.xml
+===================================================================
+RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.8.xml,v
+retrieving revision 1.1
+diff -u -r1.1 pam_pwhistory.8.xml
+--- modules/pam_pwhistory/pam_pwhistory.8.xml	10 Oct 2008 06:53:45 -0000	1.1
+++ modules/pam_pwhistory/pam_pwhistory.8.xml	19 Nov 2008 14:24:00 -0000
+@@ -33,6 +33,9 @@
+       <arg choice="opt">
+         retry=<replaceable>N</replaceable>
+       </arg>
+      <arg choice="opt">
+        type=<replaceable>STRING</replaceable>
+      </arg>
+ 
+     </cmdsynopsis>
+   </refsynopsisdiv>
+@@ -119,6 +122,21 @@
+           </listitem>
+         </varlistentry>
+ 
+        <varlistentry>
+          <term>
+            <option>type=<replaceable>STRING</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              The default action is for the module to use the
+              following prompts when requesting passwords:
+              "New UNIX password: " and "Retype UNIX password: ".
+              The default word <emphasis>UNIX</emphasis> can
+              be replaced with this option.
+            </para>
+          </listitem>
+        </varlistentry>
+
+     </variablelist>
+   </refsect1>
+ 
+Index: modules/pam_pwhistory/pam_pwhistory.c
+===================================================================
+RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.c,v
+retrieving revision 1.1
+diff -u -r1.1 pam_pwhistory.c
+--- modules/pam_pwhistory/pam_pwhistory.c	10 Oct 2008 06:53:45 -0000	1.1
+++ modules/pam_pwhistory/pam_pwhistory.c	19 Nov 2008 14:24:00 -0000
+@@ -58,7 +58,9 @@
+ 
+ #include "opasswd.h"
+ 
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
+ #define NEW_PASSWORD_PROMPT _("New %s%spassword: ")
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
+ #define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ")
+ #define MISTYPED_PASSWORD _("Sorry, passwords do not match.")
+ 
+@@ -70,6 +72,7 @@
+   int enforce_for_root;
+   int remember;
+   int tries;
+  const char *prompt_type;
+ };
+ typedef struct options_t options_t;
+ 
+@@ -101,6 +104,8 @@
+     }
+   else if (strcasecmp (argv, "enforce_for_root") == 0)
+     options->enforce_for_root = 1;
+  else if (strncasecmp (argv, "type=", 5) == 0)
+    options->prompt_type = &argv[5];
+   else
+     pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
+ }
+@@ -121,6 +126,7 @@
+   /* Set some default values, which could be overwritten later.  */
+   options.remember = 10;
+   options.tries = 1;
+  options.prompt_type = "UNIX";
+ 
+   /* Parse parameters for module */
+   for ( ; argc-- > 0; argv++)
+@@ -209,7 +215,8 @@
+       while ((newpass == NULL) && (tries++ < options.tries))
+ 	{
+ 	  retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass,
+-			       NEW_PASSWORD_PROMPT, "UNIX", " ");
+			       NEW_PASSWORD_PROMPT, options.prompt_type,
+			       strlen (options.prompt_type) > 0?" ":"");
+ 	  if (retval != PAM_SUCCESS)
+ 	    {
+ 	      _pam_drop (newpass);
+@@ -249,7 +256,9 @@
+ 	      char *new2;
+ 
+ 	      retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2,
+-				   AGAIN_PASSWORD_PROMPT, "UNIX", " ");
+				   AGAIN_PASSWORD_PROMPT,
+				   options.prompt_type,
+				   strlen (options.prompt_type) > 0?" ":"");
+               if (retval != PAM_SUCCESS)
+ 		return retval;
+ 
--- a/pam_xauth-XAUTHLOCALHOSTNAME.diff
+++ b/pam_xauth-XAUTHLOCALHOSTNAME.diff
@ -1,32 +1,54 @@
--- modules/pam_xauth/pam_xauth.c
-+++ modules/pam_xauth/pam_xauth.c	2008/11/04 10:59:23
-@@ -600,6 +600,29 @@
+--- modules/pam_xauth/pam_xauth.c	8 Apr 2008 07:01:41 -0000	1.16
+++ modules/pam_xauth/pam_xauth.c	18 Nov 2008 12:30:58 -0000
+@@ -280,7 +280,7 @@
+ 			return noent_code;
+ 		default:
+ 			if (debug) {
+-				pam_syslog(pamh, LOG_ERR,
+				pam_syslog(pamh, LOG_DEBUG,
+ 					   "error opening %s: %m", path);
+ 			}
+ 			return PAM_PERM_DENIED;
+@@ -293,7 +293,8 @@
+ 		     int argc, const char **argv)
+ {
+ 	char *cookiefile = NULL, *xauthority = NULL,
+-	     *cookie = NULL, *display = NULL, *tmp = NULL;
+	     *cookie = NULL, *display = NULL, *tmp = NULL,
+	     *xauthlocalhostname = NULL;
+ 	const char *user, *xauth = NULL;
+ 	struct passwd *tpwd, *rpwd;
+ 	int fd, i, debug = 0;
+@@ -588,14 +589,30 @@
+ 
+ 		  if (asprintf(&d, "DISPLAY=%s", display) < 0)
+ 		    {
+-		      pam_syslog(pamh, LOG_DEBUG, "out of memory");
+		      pam_syslog(pamh, LOG_ERR, "out of memory");
+ 		      cookiefile = NULL;
+ 		      retval = PAM_SESSION_ERR;
+ 		      goto cleanup;
+ 		    }
+ 
+ 		  if (pam_putenv (pamh, d) != PAM_SUCCESS)
+-		    pam_syslog (pamh, LOG_DEBUG,
+		    pam_syslog (pamh, LOG_ERR,
+				"can't set environment variable '%s'", d);
+		  free (d);
+		}
+
+		/* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */
+		if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) {
+		  char *d;
+
+		  if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) {
+		    pam_syslog(pamh, LOG_ERR, "out of memory");
+		    retval = PAM_SESSION_ERR;
+		    goto cleanup;
+		  }
+
+		  if (pam_putenv (pamh, d) != PAM_SUCCESS)
+		    pam_syslog (pamh, LOG_ERR,
+ 				"can't set environment variable '%s'", d);
 		  free (d);
 		}
- 
-+		/* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */
-+		if (getenv("XAUTHLOCALHOSTNAME") != NULL) {
-+			char *d, *xauthlocalhostname;
-+			
-+			xauthlocalhostname = strdup(getenv("XAUTHLOCALHOSTNAME"));
-+			
-+			if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0)
-+		    {
-+				pam_syslog(pamh, LOG_DEBUG, "out of memory");
-+				free(xauthlocalhostname);
-+				xauthlocalhostname = NULL;
-+				retval = PAM_SESSION_ERR;
-+				goto cleanup;
-+		    }
-+
-+			if (pam_putenv (pamh, d) != PAM_SUCCESS)
-+				pam_syslog (pamh, LOG_DEBUG,
-+							"can't set environment variable '%s'", d);
-+			free (d);
-+			free(xauthlocalhostname);
-+			xauthlocalhostname = NULL;
-+		}
-+		
- 		/* Merge the cookie we read before into the new file. */
- 		if (debug) {
- 			pam_syslog(pamh, LOG_DEBUG,