This commit is contained in:
parent
144e487040
commit
3bf1d7f7d2
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de
|
||||
|
||||
- pam_xauth: update last patch
|
||||
- pam_pwhistory: add missing type option
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 4 13:42:03 CET 2008 - mc@suse.de
|
||||
|
||||
|
7
pam.spec
7
pam.spec
@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later
|
||||
Group: System/Libraries
|
||||
AutoReqProv: on
|
||||
Version: 1.0.2
|
||||
Release: 11
|
||||
Release: 12
|
||||
Summary: A Security Tool that Provides Authentication for Applications
|
||||
Source: Linux-PAM-%{version}.tar.bz2
|
||||
Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2
|
||||
@ -61,6 +61,7 @@ Patch10: pam_lastlog.diff
|
||||
Patch11: pam_tally2.diff
|
||||
Patch12: pam_cracklib-no-pwhistory.diff
|
||||
Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff
|
||||
Patch14: pam_pwhistory-type.diff
|
||||
|
||||
%description
|
||||
PAM (Pluggable Authentication Modules) is a system security tool that
|
||||
@ -118,6 +119,7 @@ chmod 755 modules/pam_pwhistory/tst-pam_pwhistory
|
||||
chmod 755 modules/pam_tally2/tst-pam_tally2
|
||||
%patch12 -p0
|
||||
%patch13 -p0
|
||||
%patch14 -p0
|
||||
|
||||
%build
|
||||
aclocal -I m4 --install --force
|
||||
@ -326,6 +328,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/libpam_misc.so
|
||||
|
||||
%changelog
|
||||
* Wed Nov 19 2008 kukuk@suse.de
|
||||
- pam_xauth: update last patch
|
||||
- pam_pwhistory: add missing type option
|
||||
* Tue Nov 04 2008 mc@suse.de
|
||||
- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
|
||||
(bnc#441314)
|
||||
|
102
pam_pwhistory-type.diff
Normal file
102
pam_pwhistory-type.diff
Normal file
@ -0,0 +1,102 @@
|
||||
Index: modules/pam_pwhistory/pam_pwhistory.8.xml
|
||||
===================================================================
|
||||
RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.8.xml,v
|
||||
retrieving revision 1.1
|
||||
diff -u -r1.1 pam_pwhistory.8.xml
|
||||
--- modules/pam_pwhistory/pam_pwhistory.8.xml 10 Oct 2008 06:53:45 -0000 1.1
|
||||
+++ modules/pam_pwhistory/pam_pwhistory.8.xml 19 Nov 2008 14:24:00 -0000
|
||||
@@ -33,6 +33,9 @@
|
||||
<arg choice="opt">
|
||||
retry=<replaceable>N</replaceable>
|
||||
</arg>
|
||||
+ <arg choice="opt">
|
||||
+ type=<replaceable>STRING</replaceable>
|
||||
+ </arg>
|
||||
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
@@ -119,6 +122,21 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term>
|
||||
+ <option>type=<replaceable>STRING</replaceable></option>
|
||||
+ </term>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ The default action is for the module to use the
|
||||
+ following prompts when requesting passwords:
|
||||
+ "New UNIX password: " and "Retype UNIX password: ".
|
||||
+ The default word <emphasis>UNIX</emphasis> can
|
||||
+ be replaced with this option.
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
Index: modules/pam_pwhistory/pam_pwhistory.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.c,v
|
||||
retrieving revision 1.1
|
||||
diff -u -r1.1 pam_pwhistory.c
|
||||
--- modules/pam_pwhistory/pam_pwhistory.c 10 Oct 2008 06:53:45 -0000 1.1
|
||||
+++ modules/pam_pwhistory/pam_pwhistory.c 19 Nov 2008 14:24:00 -0000
|
||||
@@ -58,7 +58,9 @@
|
||||
|
||||
#include "opasswd.h"
|
||||
|
||||
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
|
||||
#define NEW_PASSWORD_PROMPT _("New %s%spassword: ")
|
||||
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
|
||||
#define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ")
|
||||
#define MISTYPED_PASSWORD _("Sorry, passwords do not match.")
|
||||
|
||||
@@ -70,6 +72,7 @@
|
||||
int enforce_for_root;
|
||||
int remember;
|
||||
int tries;
|
||||
+ const char *prompt_type;
|
||||
};
|
||||
typedef struct options_t options_t;
|
||||
|
||||
@@ -101,6 +104,8 @@
|
||||
}
|
||||
else if (strcasecmp (argv, "enforce_for_root") == 0)
|
||||
options->enforce_for_root = 1;
|
||||
+ else if (strncasecmp (argv, "type=", 5) == 0)
|
||||
+ options->prompt_type = &argv[5];
|
||||
else
|
||||
pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
|
||||
}
|
||||
@@ -121,6 +126,7 @@
|
||||
/* Set some default values, which could be overwritten later. */
|
||||
options.remember = 10;
|
||||
options.tries = 1;
|
||||
+ options.prompt_type = "UNIX";
|
||||
|
||||
/* Parse parameters for module */
|
||||
for ( ; argc-- > 0; argv++)
|
||||
@@ -209,7 +215,8 @@
|
||||
while ((newpass == NULL) && (tries++ < options.tries))
|
||||
{
|
||||
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass,
|
||||
- NEW_PASSWORD_PROMPT, "UNIX", " ");
|
||||
+ NEW_PASSWORD_PROMPT, options.prompt_type,
|
||||
+ strlen (options.prompt_type) > 0?" ":"");
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
_pam_drop (newpass);
|
||||
@@ -249,7 +256,9 @@
|
||||
char *new2;
|
||||
|
||||
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2,
|
||||
- AGAIN_PASSWORD_PROMPT, "UNIX", " ");
|
||||
+ AGAIN_PASSWORD_PROMPT,
|
||||
+ options.prompt_type,
|
||||
+ strlen (options.prompt_type) > 0?" ":"");
|
||||
if (retval != PAM_SUCCESS)
|
||||
return retval;
|
||||
|
@ -1,32 +1,54 @@
|
||||
--- modules/pam_xauth/pam_xauth.c
|
||||
+++ modules/pam_xauth/pam_xauth.c 2008/11/04 10:59:23
|
||||
@@ -600,6 +600,29 @@
|
||||
free (d);
|
||||
--- modules/pam_xauth/pam_xauth.c 8 Apr 2008 07:01:41 -0000 1.16
|
||||
+++ modules/pam_xauth/pam_xauth.c 18 Nov 2008 12:30:58 -0000
|
||||
@@ -280,7 +280,7 @@
|
||||
return noent_code;
|
||||
default:
|
||||
if (debug) {
|
||||
- pam_syslog(pamh, LOG_ERR,
|
||||
+ pam_syslog(pamh, LOG_DEBUG,
|
||||
"error opening %s: %m", path);
|
||||
}
|
||||
return PAM_PERM_DENIED;
|
||||
@@ -293,7 +293,8 @@
|
||||
int argc, const char **argv)
|
||||
{
|
||||
char *cookiefile = NULL, *xauthority = NULL,
|
||||
- *cookie = NULL, *display = NULL, *tmp = NULL;
|
||||
+ *cookie = NULL, *display = NULL, *tmp = NULL,
|
||||
+ *xauthlocalhostname = NULL;
|
||||
const char *user, *xauth = NULL;
|
||||
struct passwd *tpwd, *rpwd;
|
||||
int fd, i, debug = 0;
|
||||
@@ -588,14 +589,30 @@
|
||||
|
||||
if (asprintf(&d, "DISPLAY=%s", display) < 0)
|
||||
{
|
||||
- pam_syslog(pamh, LOG_DEBUG, "out of memory");
|
||||
+ pam_syslog(pamh, LOG_ERR, "out of memory");
|
||||
cookiefile = NULL;
|
||||
retval = PAM_SESSION_ERR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (pam_putenv (pamh, d) != PAM_SUCCESS)
|
||||
- pam_syslog (pamh, LOG_DEBUG,
|
||||
+ pam_syslog (pamh, LOG_ERR,
|
||||
+ "can't set environment variable '%s'", d);
|
||||
+ free (d);
|
||||
+ }
|
||||
+
|
||||
+ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */
|
||||
+ if (getenv("XAUTHLOCALHOSTNAME") != NULL) {
|
||||
+ char *d, *xauthlocalhostname;
|
||||
+ if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) {
|
||||
+ char *d;
|
||||
+
|
||||
+ xauthlocalhostname = strdup(getenv("XAUTHLOCALHOSTNAME"));
|
||||
+
|
||||
+ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0)
|
||||
+ {
|
||||
+ pam_syslog(pamh, LOG_DEBUG, "out of memory");
|
||||
+ free(xauthlocalhostname);
|
||||
+ xauthlocalhostname = NULL;
|
||||
+ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) {
|
||||
+ pam_syslog(pamh, LOG_ERR, "out of memory");
|
||||
+ retval = PAM_SESSION_ERR;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (pam_putenv (pamh, d) != PAM_SUCCESS)
|
||||
+ pam_syslog (pamh, LOG_DEBUG,
|
||||
+ "can't set environment variable '%s'", d);
|
||||
+ free (d);
|
||||
+ free(xauthlocalhostname);
|
||||
+ xauthlocalhostname = NULL;
|
||||
+ }
|
||||
+
|
||||
/* Merge the cookie we read before into the new file. */
|
||||
if (debug) {
|
||||
pam_syslog(pamh, LOG_DEBUG,
|
||||
+ pam_syslog (pamh, LOG_ERR,
|
||||
"can't set environment variable '%s'", d);
|
||||
free (d);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user